GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,272
Erlang
31
GitHub Actions
21
Go
2,047
Maven
5,000+
npm
3,739
NuGet
668
pip
3,415
Pub
12
RubyGems
891
Rust
868
Swift
36
Unreviewed advisories
All unreviewed
5,000+
31 advisories
Filter by severity
JSNAPy allows unprivileged local users to alter files under the directory
High
CVE-2018-0023
was published
for
jsnapy
(pip)
Jul 12, 2018
Django allows unintended model editing
High
CVE-2019-19118
was published
for
Django
(pip)
Dec 4, 2019
Incorrect Default Permissions in keyring
High
CVE-2012-5578
was published
for
keyring
(pip)
Mar 10, 2020
Incorrect Default Permissions in keyring
High
CVE-2012-5577
was published
for
keyring
(pip)
Mar 11, 2020
Improper Authorization in Strapi
High
CVE-2020-27665
was published
for
strapi-plugin-content-type-builder
(npm)
Oct 29, 2020
Django Incorrect Default Permissions
High
CVE-2020-24583
was published
for
Django
(pip)
Mar 18, 2021
Privilege escalation in rbac
High
CVE-2021-22538
was published
for
github.com/google/exposure-notifications-verification-server
(Go)
May 21, 2021
Incorrect Default Permissions in Binance tss-lib
High
CVE-2020-12118
was published
for
github.com/binance-chain/tss-lib
(Go)
Jun 29, 2021
raspap-webgui in RaspAP 2.6.6 allows attackers to execute commands as root because of the insecure sudoers permissions.
High
CVE-2021-38557
was published
for
billz/raspap-webgui
(Composer)
Sep 2, 2021
Incorrect Default Permissions in Apache DolphinScheduler
High
CVE-2020-13922
was published
for
org.apache.dolphinscheduler:dolphinscheduler-api
(Maven)
Feb 9, 2022
Incorrect Default Permissions in Apache Tomcat
High
CVE-2020-8022
was published
for
org.apache.tomcat:tomcat
(Maven)
Feb 9, 2022
•
withdrawn
Incorrect Default Permissions in Cobbler
High
CVE-2021-45083
was published
for
cobbler
(pip)
Feb 21, 2022
Podman's default inheritable capabilities for linux container not empty
High
CVE-2022-27649
was published
for
github.com/containers/podman/v4
(Go)
Apr 1, 2022
Apache Tomcat may be started without proper security settings
High
CVE-2002-0493
was published
for
org.apache.tomcat:tomcat
(Maven)
Apr 30, 2022
Incorrect Default Permissions in Supervisor
High
CVE-2017-11610
was published
for
supervisor
(pip)
May 13, 2022
Singularity insecure permissions
High
CVE-2019-19724
was published
for
github.com/sylabs/singularity
(Go)
May 24, 2022
OpenStack Manila Unprivileged users can retrieve, use and manipulate share networks
High
CVE-2020-9543
was published
for
manila
(pip)
May 24, 2022
rtslib-fb weak permissions for /etc/target/saveconfig.json file
High
CVE-2020-14019
was published
for
rtslib-fb
(pip)
May 24, 2022
Access to Unix domain socket can lead to privileges escalation in Cilium
High
CVE-2022-29178
was published
for
github.com/cilium/cilium
(Go)
May 24, 2022
Duplicate Advisory: Apiman has insufficient checks for read permissions
High
GHSA-54r5-wr8x-x5v3
was published
for
io.apiman:apiman-manager-api-rest-impl
(Maven)
Dec 20, 2022
•
withdrawn
nfpm has incorrect default permissions
High
CVE-2023-32698
was published
for
github.com/goreleaser/nfpm
(Go)
May 24, 2023
Missing "--allow-net" permission check for built-in Node modules
High
CVE-2023-33966
was published
for
deno
(Rust)
May 31, 2023
Jenkins temporary plugin file created with insecure permissions
High
CVE-2023-43496
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
Sep 20, 2023
Mautic Sensitive Data Exposure due to inadequate user permission settings
High
CVE-2022-25776
was published
for
mautic/core
(Composer)
Apr 12, 2024
langchain_experimental Code Execution via Python REPL access
High
CVE-2024-38459
was published
for
langchain-experimental
(pip)
Jun 16, 2024
ProTip!
Advisories are also available from the
GraphQL API