Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

1,077 advisories

Loading
JSNAPy allows unprivileged local users to alter files under the directory High
CVE-2018-0023 was published for jsnapy (pip) Jul 12, 2018
netaddr before 1.5.3 and 2.0.4 has Incorrect Default Permissions Critical
CVE-2019-17383 was published for netaddr (RubyGems) Oct 14, 2019
stuarthannig
Django allows unintended model editing High
CVE-2019-19118 was published for Django (pip) Dec 4, 2019
sunSUNQ
Information disclosure in the Contao backend Moderate
CVE-2019-19712 was published for contao/contao (Composer) Dec 17, 2019
Incorrect Default Permissions in keyring High
CVE-2012-5578 was published for keyring (pip) Mar 10, 2020
Incorrect Default Permissions in keyring High
CVE-2012-5577 was published for keyring (pip) Mar 11, 2020
Improper Authorization in Strapi High
CVE-2020-27665 was published for strapi-plugin-content-type-builder (npm) Oct 29, 2020
Django Incorrect Default Permissions Moderate
CVE-2020-24584 was published for django (pip) Mar 18, 2021
sunSUNQ
Django Incorrect Default Permissions High
CVE-2020-24583 was published for Django (pip) Mar 18, 2021
Privilege escalation in rbac High
CVE-2021-22538 was published for github.com/google/exposure-notifications-verification-server (Go) May 21, 2021
Incorrect Default Permissions in Binance tss-lib High
CVE-2020-12118 was published for github.com/binance-chain/tss-lib (Go) Jun 29, 2021
raspap-webgui in RaspAP 2.6.6 allows attackers to execute commands as root because of the insecure sudoers permissions. High
CVE-2021-38557 was published for billz/raspap-webgui (Composer) Sep 2, 2021
coreos-installer < 0.10.0 writes world-readable Ignition config to installed system Moderate
CVE-2021-3917 was published for coreos-installer (Rust) Nov 8, 2021
xlejo
Incorrect Default Permissions in Apache JSPWiki Critical
CVE-2021-44140 was published for org.apache.jspwiki:jspwiki-main (Maven) Nov 29, 2021
The CLI 1.0.0 for Amazon AWS OpenSearch has weak permissions for the configuration file. Critical Unreviewed
CVE-2021-44833 was published Dec 13, 2021
ProTip! Advisories are also available from the GraphQL API