GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,239
Erlang
31
GitHub Actions
21
Go
2,007
Maven
5,000+
npm
3,716
NuGet
662
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
218 advisories
Filter by severity
in OpenHarmony v3.2.2 and prior versions allow a local attacker arbitrary file read and write...
High
Unreviewed
CVE-2023-43612
was published
Nov 20, 2023
Netskope was made aware of a security vulnerability in its NSClient product for version 100 &...
Moderate
Unreviewed
CVE-2023-4996
was published
Nov 6, 2023
SaToken privilege escalation vulnerability
Critical
CVE-2023-44794
was published
for
cn.dev33:sa-token-core
(Maven)
Oct 25, 2023
OpenSearch Issue with tenant read-only permissions
Moderate
CVE-2023-45807
was published
for
org.opensearch.plugin:opensearch-security
(Maven)
Oct 17, 2023
A software vulnerability has been identified in the U-Boot Secondary Program Loader (SPL) before...
High
Unreviewed
CVE-2023-39902
was published
Oct 17, 2023
Improper Preservation of Permissions vulnerability in SAssistant prior to version 8.7 allows...
Low
Unreviewed
CVE-2023-30735
was published
Oct 4, 2023
The installer in XAMPP through 8.1.12 allows local users to write to the C:\xampp directory....
Moderate
Unreviewed
CVE-2022-47637
was published
Sep 13, 2023
Disabled permissions can be granted by Jenkins SSH2 Easy Plugin
High
CVE-2023-41939
was published
for
org.jenkins-ci.plugins:ssh2easy
(Maven)
Sep 6, 2023
Apache Superset has improper default REST API permission for Gamma users
Moderate
CVE-2023-36387
was published
for
apache-superset
(pip)
Sep 6, 2023
System files could be overwritten using the less command in Brocade Fabric OS before Brocade...
High
Unreviewed
CVE-2023-31926
was published
Aug 2, 2023
A flaw was found in the 9p passthrough filesystem (9pfs) implementation in QEMU. When a local...
High
Unreviewed
CVE-2023-1386
was published
Jul 24, 2023
Access Control Bypass in Spring Security
Critical
CVE-2023-34034
was published
for
org.springframework.security:spring-security-config
(Maven)
Jul 19, 2023
IBM Security Guardium 11.3 could allow a local user to escalate their privileges due to improper...
High
Unreviewed
CVE-2022-43910
was published
Jul 19, 2023
In multiple functions of OneTimePermissionUserManager.java, there is a possible one-time...
Moderate
Unreviewed
CVE-2023-21249
was published
Jul 13, 2023
A vulnerability exists in Trellix Agent for Windows version 5.7.8 and earlier, that allows local...
High
Unreviewed
CVE-2023-0975
was published
Jul 6, 2023
An incorrect TLB flush issue was found in the Linux kernel’s GPU i915 kernel driver, potentially...
High
Unreviewed
CVE-2022-4139
was published
Jul 6, 2023
An insecure filesystem permission in the Insider Threat Management Agent for Windows enables...
Moderate
Unreviewed
CVE-2023-2818
was published
Jun 27, 2023
A valid, authenticated user with limited privileges may be able to use specifically crafted web...
Moderate
Unreviewed
CVE-2023-2993
was published
Jun 26, 2023
If temporary "one-time" permissions, such as the ability to use the Camera, were granted to a...
High
Unreviewed
CVE-2023-28161
was published
Jun 2, 2023
Suprema BioStar 2 before 2022 Q4, v2.9.1 has Insecure Permissions. A vulnerability in the web...
High
Unreviewed
CVE-2023-31923
was published
May 22, 2023
Remote code execution in Voyager
Critical
CVE-2020-36070
was published
for
tcg/voyager
(Composer)
Apr 26, 2023
Liferay Portal 6.2.5 allows Command=FileUpload&Type=File&CurrentFolder=/ requests when frmfolders...
Critical
Unreviewed
CVE-2021-33990
was published
Apr 16, 2023
runc AppArmor bypass with symlinked /proc
Moderate
CVE-2023-28642
was published
for
github.com/opencontainers/runc
(Go)
Mar 30, 2023
rootless: `/sys/fs/cgroup` is writable when cgroupns isn't unshared in runc
Low
CVE-2023-25809
was published
for
github.com/opencontainers/runc
(Go)
Mar 30, 2023
vantage6 vulnerable to Improper Preservation of Permissions
High
CVE-2023-22738
was published
for
vantage6
(pip)
Feb 28, 2023
ProTip!
Advisories are also available from the
GraphQL API