GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,249
Erlang
31
GitHub Actions
21
Go
2,018
Maven
5,000+
npm
3,723
NuGet
662
pip
3,400
Pub
11
RubyGems
890
Rust
857
Swift
36
Unreviewed advisories
All unreviewed
5,000+
24 advisories
Filter by severity
Insecure Permissions in Gogs
Moderate
CVE-2020-14958
was published
for
gogs.io/gogs
(Go)
May 18, 2021
Improper Preservation of Permissions in github.com/cloudflare/cfrpki/cmd/octorpki
Moderate
CVE-2021-3978
was published
for
github.com/cloudflare/cfrpki
(Go)
Nov 19, 2021
Missing permission checks in Jenkins Release Helper Plugin
Moderate
CVE-2022-27215
was published
for
org.jenkins-ci.plugins:release-helper
(Maven)
Mar 16, 2022
Missing permission check in Jenkins Continuous Integration with Toad Edge Plugin
Moderate
CVE-2022-28147
was published
for
org.jenkins-ci.plugins:ci-with-toad-edge
(Maven)
Mar 30, 2022
Smarty Does Not Consider Umask Values When Setting Permissions
Moderate
CVE-2009-5054
was published
for
smarty/smarty
(Composer)
May 2, 2022
Ansible Arbitrary File Overwrite Vulnerability
Moderate
CVE-2013-4260
was published
for
ansible
(pip)
May 14, 2022
Jython Improper Access Restrictions vulnerability
Moderate
CVE-2013-2027
was published
for
org.python:jython-standalone
(Maven)
May 14, 2022
Missing permission check in Jenkins Support Core Plugin
Moderate
CVE-2019-16539
was published
for
org.jenkins-ci.plugins:support-core
(Maven)
May 24, 2022
Exposure of Sensitive Information to an Unauthorized Actor in Elasticsearch
Moderate
CVE-2021-22137
was published
for
org.elasticsearch:elasticsearch
(Maven)
May 24, 2022
Shopware access control list bypassed via crafted specific URLs
Moderate
CVE-2022-36102
was published
for
shopware/shopware
(Composer)
Sep 16, 2022
fhir-works-on-aws-authz-smart handles permissions improperly
Moderate
CVE-2022-39230
was published
for
fhir-works-on-aws-authz-smart
(npm)
Sep 21, 2022
OpenStack Sushy-Tools and VirtualBMC Improper Preservation of Permissions
Moderate
CVE-2022-44020
was published
for
sushy-tools
(pip)
Oct 30, 2022
runc AppArmor bypass with symlinked /proc
Moderate
CVE-2023-28642
was published
for
github.com/opencontainers/runc
(Go)
Mar 30, 2023
Apache Superset has improper default REST API permission for Gamma users
Moderate
CVE-2023-36387
was published
for
apache-superset
(pip)
Sep 6, 2023
OpenSearch Issue with tenant read-only permissions
Moderate
CVE-2023-45807
was published
for
org.opensearch.plugin:opensearch-security
(Maven)
Oct 17, 2023
Improper Preservation of Permissions in etcd
Moderate
CVE-2020-15113
was published
for
github.com/etcd-io/etcd
(Go)
Jan 30, 2024
Moby (Docker Engine) Insufficiently restricted permissions on data directory
Moderate
CVE-2021-41091
was published
for
github.com/docker/docker
(Go)
Jan 31, 2024
Jenkins Bitbucket Branch Source Plugin has incorrect trust policy behavior for pull requests
Moderate
CVE-2024-28152
was published
for
org.jenkins-ci.plugins:cloudbees-bitbucket-branch-source
(Maven)
Mar 6, 2024
Apache Airflow: Ignored Airflow Permission
Moderate
CVE-2024-28746
was published
for
apache-airflow
(pip)
Mar 14, 2024
Apache Airflow Improper Preservation of Permissions vulnerability
Moderate
CVE-2024-29735
was published
for
apache-airflow
(pip)
Mar 26, 2024
Quarkus: security checks in resteasy reactive may trigger a denial of service
Moderate
CVE-2024-1726
was published
for
io.quarkus.resteasy.reactive:resteasy-reactive
(Maven)
Apr 25, 2024
SpiceDB exclusions can result in no permission returned when permission expected
Moderate
CVE-2024-38361
was published
for
github.com/authzed/spicedb
(Go)
Jun 20, 2024
Rclone has Improper Permission and Ownership Handling on Symlink Targets with --links and --metadata
Moderate
CVE-2024-52522
was published
for
github.com/rclone/rclone
(Go)
Nov 19, 2024
Re-creating a deleted user in lakeFS will re-enable previous user credentials that existed prior to its deletion
Moderate
CVE-2024-43784
was published
for
github.com/treeverse/lakefs
(Go)
Nov 26, 2024
ProTip!
Advisories are also available from the
GraphQL API