Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,039
Erlang
29
GitHub Actions
18
Go
1,864
Maven
5,000+
npm
3,587
NuGet
636
pip
3,176
Pub
10
RubyGems
852
Rust
805
Swift
34
Unreviewed advisories
All unreviewed
5,000+

200 advisories

Improper Preservation of Permissions in xxl-job High
CVE-2024-42681 was published for com.xuxueli:xxl-job-core (Maven) Aug 15, 2024
User with no permission to any of the Hosts can access and view host count & other statistics... Moderate Unreviewed
CVE-2024-22114 was published Aug 12, 2024
A non-admin user can change or remove important features within the Zabbix Agent application,... Moderate Unreviewed
CVE-2024-22121 was published Aug 12, 2024
In certain cases, Zscaler Internet Access (ZIA) can be disabled by PowerShell commands with admin... High Unreviewed
CVE-2024-23464 was published Aug 6, 2024
Insecure Permissions vulnerability in Cosy+ devices running a firmware 21.x below 21.2s10 or a... Moderate Unreviewed
CVE-2024-33892 was published Aug 2, 2024
A permissions issue was addressed with additional restrictions. This issue is fixed in watchOS 10... High Unreviewed
CVE-2024-40805 was published Jul 30, 2024
This issue was addressed through improved state management. This issue is fixed in watchOS 10.6,... High Unreviewed
CVE-2024-40824 was published Jul 30, 2024
An input validation issue was addressed with improved input validation. This issue is fixed in... High Unreviewed
CVE-2024-40800 was published Jul 30, 2024
The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.6. An app... High Unreviewed
CVE-2024-40811 was published Jul 30, 2024
An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS... High Unreviewed
CVE-2024-40821 was published Jul 30, 2024
The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.6, macOS... High Unreviewed
CVE-2024-40828 was published Jul 30, 2024
A permissions issue was addressed by removing vulnerable code and adding additional checks. This... High Unreviewed
CVE-2024-27888 was published Jul 30, 2024
Insecure permissions in kruise v1.6.2 allows attackers to access sensitive data and escalate... Critical Unreviewed
CVE-2024-36532 was published Jun 22, 2024
SpiceDB exclusions can result in no permission returned when permission expected Low
CVE-2024-38361 was published for github.com/authzed/spicedb (Go) Jun 20, 2024
There is an unauthorized access vulnerability in ZTE H388X. If H388X is caused by brute-force... High Unreviewed
CVE-2023-25646 was published Jun 20, 2024
`docker cp` allows unexpected chmod of host files in Moby Docker Engine Low
CVE-2021-41089 was published for github.com/docker/docker (Go) Jun 10, 2024
LevanaXr ssst0n3
When installing Nessus to a directory outside of the default location on a Windows host, Nessus... High Unreviewed
CVE-2024-3289 was published May 17, 2024
When installing Nessus Agent to a directory outside of the default location on a Windows host,... High Unreviewed
CVE-2024-3291 was published May 17, 2024
Grafana folders admin only permission privilege escalation High
CVE-2022-36062 was published for github.com/grafana/grafana (Go) May 14, 2024
Quarkus: security checks in resteasy reactive may trigger a denial of service Moderate
CVE-2024-1726 was published for io.quarkus.resteasy.reactive:resteasy-reactive (Maven) Apr 25, 2024
Authelia's Group Changes may not have the expected results (YAML file backend) Low
GHSA-x883-2vmg-xwf7 was published for github.com/authelia/authelia/v4 (Go) Apr 22, 2024
ezrizhu
in OpenHarmony v3.2.4 and prior versions allow a local attacker cause apps crash through get... Low Unreviewed
CVE-2024-22177 was published Apr 2, 2024
Apache Airflow Improper Preservation of Permissions vulnerability Moderate
CVE-2024-29735 was published for apache-airflow (pip) Mar 26, 2024
Anope before 2.0.15 does not prevent resetting the password of a suspended account. Moderate Unreviewed
CVE-2024-30187 was published Mar 25, 2024
Apache Airflow: Ignored Airflow Permission Moderate
CVE-2024-28746 was published for apache-airflow (pip) Mar 14, 2024
oscerd
ProTip! Advisories are also available from the GraphQL API