Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,039
Erlang
29
GitHub Actions
18
Go
1,864
Maven
5,000+
npm
3,587
NuGet
636
pip
3,176
Pub
10
RubyGems
852
Rust
805
Swift
34
Unreviewed advisories
All unreviewed
5,000+

1,118 advisories

An improper access control vulnerability in CPLC prior to SMR Dec-2021 Release 1 allows local... Low Unreviewed
CVE-2021-25519 was published Dec 9, 2021
WebExtensions with the correct permissions were able to create and install ServiceWorkers for... Moderate Unreviewed
CVE-2021-43540 was published Dec 9, 2021
World-writable permissions on the /tmp/tmate/sessions directory in tmate-ssh-server 2.3.0 allow a... High Unreviewed
CVE-2021-44512 was published Dec 8, 2021
There is a Permissions,Privileges,and Access Controls vulnerability in Huawei Smartphone... Moderate Unreviewed
CVE-2021-37058 was published Dec 8, 2021
An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. A world writable file... High Unreviewed
CVE-2021-43034 was published Dec 7, 2021
HashiCorp Vault Incorrect Permission Assignment for Critical Resource Critical
CVE-2021-43998 was published for github.com/hashicorp/vault (Go) Dec 2, 2021
Sunnet eHRD has broken access control vulnerability, which allows a remote attacker to access... High Unreviewed
CVE-2021-43359 was published Dec 2, 2021
Missing HTTPOnly flag in Web Applications operating on Business-DNA Solutions GmbH’s TopEase®... Critical Unreviewed
CVE-2021-42115 was published Dec 1, 2021
PortSwigger Burp Suite Enterprise Edition before 2021.11 on Windows has weak file permissions for... Moderate Unreviewed
CVE-2021-44230 was published Dec 1, 2021
An issue was discovered in Concrete CMS before 8.5.7. The Dashboard allows a user's password to... High Unreviewed
CVE-2021-40101 was published Dec 1, 2021
Adobe Creative Cloud version 5.5 (and earlier) are affected by a privilege escalation... High Unreviewed
CVE-2021-43019 was published Nov 24, 2021
Incorrect permissions in Apache Ozone Moderate
CVE-2021-39235 was published for org.apache.ozone:ozone-main (Maven) Nov 23, 2021
Insecure inherited permissions in the Intel(R) PROSet/Wireless WiFi software installer for... High Unreviewed
CVE-2021-0064 was published Nov 18, 2021
Insecure Inherited Permissions in neoan3-apps/template High
CVE-2021-41170 was published for neoan3-apps/template (Composer) Nov 10, 2021
Hashicorp Vault Privilege Escalation Vulnerability Low
CVE-2021-41802 was published for github.com/hashicorp/vault (Go) Oct 12, 2021
Exposure of sensitive information in Elasticsearch Moderate
CVE-2021-22147 was published for org.elasticsearch:elasticsearch (Maven) Sep 20, 2021
Exposure of Sensitive Information to an Unauthorized Actor High
CVE-2021-32717 was published for shopware/platform (Composer) Sep 8, 2021
raspap-webgui in RaspAP 2.6.6 allows attackers to execute commands as root because of the insecure sudoers permissions. High
CVE-2021-38557 was published for billz/raspap-webgui (Composer) Sep 2, 2021
Beego has a file creation race condition Moderate
CVE-2019-16354 was published for github.com/astaxie/beego (Go) Aug 2, 2021
Archive package allows chmod of file outside of unpack target directory Moderate
CVE-2021-32760 was published for github.com/containerd/containerd (Go) Jul 26, 2021
tdunlap607
Incorrect Permission Assignment for Critical Resource in Node High Unreviewed
CVE-2021-22921 was published Jul 13, 2021
A user without PR can reset user authentication failures information Low
CVE-2021-32729 was published for org.xwiki.platform:xwiki-platform-security-authentication-script (Maven) Jul 2, 2021
Incorrect Permission Assignment for Critical Resource in Hashicorp Consul Moderate
CVE-2020-12797 was published for github.com/hashicorp/consul (Go) Jun 23, 2021
Cache Manipulation Attack in Apache Traffic Control Moderate
CVE-2020-17522 was published for github.com/apache/trafficcontrol (Go) Jun 18, 2021
Code injection in Apache Druid High
CVE-2021-25646 was published for org.apache.druid:druid (Maven) Jun 16, 2021
ProTip! Advisories are also available from the GraphQL API