GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,270
Erlang
31
GitHub Actions
21
Go
2,044
Maven
5,000+
npm
3,736
NuGet
663
pip
3,414
Pub
12
RubyGems
891
Rust
868
Swift
36
Unreviewed advisories
All unreviewed
5,000+
1,077 advisories
Filter by severity
JSNAPy allows unprivileged local users to alter files under the directory
High
CVE-2018-0023
was published
for
jsnapy
(pip)
Jul 12, 2018
netaddr before 1.5.3 and 2.0.4 has Incorrect Default Permissions
Critical
CVE-2019-17383
was published
for
netaddr
(RubyGems)
Oct 14, 2019
Django allows unintended model editing
High
CVE-2019-19118
was published
for
Django
(pip)
Dec 4, 2019
Information disclosure in the Contao backend
Moderate
CVE-2019-19712
was published
for
contao/contao
(Composer)
Dec 17, 2019
Incorrect Default Permissions in keyring
High
CVE-2012-5578
was published
for
keyring
(pip)
Mar 10, 2020
Incorrect Default Permissions in keyring
High
CVE-2012-5577
was published
for
keyring
(pip)
Mar 11, 2020
Improper Authorization in Strapi
High
CVE-2020-27665
was published
for
strapi-plugin-content-type-builder
(npm)
Oct 29, 2020
Django Incorrect Default Permissions
Moderate
CVE-2020-24584
was published
for
django
(pip)
Mar 18, 2021
Django Incorrect Default Permissions
High
CVE-2020-24583
was published
for
Django
(pip)
Mar 18, 2021
Privilege escalation in rbac
High
CVE-2021-22538
was published
for
github.com/google/exposure-notifications-verification-server
(Go)
May 21, 2021
Incorrect Default Permissions in Binance tss-lib
High
CVE-2020-12118
was published
for
github.com/binance-chain/tss-lib
(Go)
Jun 29, 2021
raspap-webgui in RaspAP 2.6.6 allows attackers to execute commands as root because of the insecure sudoers permissions.
High
CVE-2021-38557
was published
for
billz/raspap-webgui
(Composer)
Sep 2, 2021
coreos-installer < 0.10.0 writes world-readable Ignition config to installed system
Moderate
CVE-2021-3917
was published
for
coreos-installer
(Rust)
Nov 8, 2021
Incorrect default permissions in the installer for the Intel(R) oneAPI Rendering Toolkit before...
High
Unreviewed
CVE-2021-33071
was published
Nov 18, 2021
Incorrect default permissions in the installer for the Intel(R) NUC M15 Laptop Kit Integrated...
High
Unreviewed
CVE-2021-33088
was published
Nov 18, 2021
Incorrect Default Permissions in Apache JSPWiki
Critical
CVE-2021-44140
was published
for
org.apache.jspwiki:jspwiki-main
(Maven)
Nov 29, 2021
Barracuda Network Access Client before 5.2.2 creates a Temporary File in a Directory with...
High
Unreviewed
CVE-2021-42711
was published
Dec 3, 2021
A privilege escalation vulnerability exists in the Remote Server functionality of Dream Report...
High
Unreviewed
CVE-2021-21957
was published
Dec 9, 2021
The CLI 1.0.0 for Amazon AWS OpenSearch has weak permissions for the configuration file.
Critical
Unreviewed
CVE-2021-44833
was published
Dec 13, 2021
In TBD of TBD, there is a possible way to access PIN protected settings bypassing PIN...
High
Unreviewed
CVE-2021-39651
was published
Dec 16, 2021
In TBD of fvp.c, there is a possible way to glitch CPU behavior due to a missing permission check...
High
Unreviewed
CVE-2021-39639
was published
Dec 16, 2021
In isRequestPinItemSupported of ShortcutService.java, there is a possible cross-user leak of...
Moderate
Unreviewed
CVE-2021-0979
was published
Dec 16, 2021
In SRAMROM, there is a possible permission bypass due to an insecure permission setting. This...
High
Unreviewed
CVE-2021-0904
was published
Dec 16, 2021
Automox Agent 33 on Windows incorrectly sets permissions on a temporary directory. NOTE: this...
High
Unreviewed
CVE-2021-43325
was published
Dec 16, 2021
Automox Agent before 32 on Windows incorrectly sets permissions on a temporary directory.
High
Unreviewed
CVE-2021-43326
was published
Dec 16, 2021
ProTip!
Advisories are also available from the
GraphQL API