GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,249
Erlang
31
GitHub Actions
21
Go
2,018
Maven
5,000+
npm
3,723
NuGet
662
pip
3,400
Pub
11
RubyGems
890
Rust
857
Swift
36
Unreviewed advisories
All unreviewed
5,000+
18 advisories
Filter by severity
Re-creating a deleted user in lakeFS will re-enable previous user credentials that existed prior to its deletion
Moderate
CVE-2024-43784
was published
for
github.com/treeverse/lakefs
(Go)
Nov 26, 2024
Rclone has Improper Permission and Ownership Handling on Symlink Targets with --links and --metadata
Moderate
CVE-2024-52522
was published
for
github.com/rclone/rclone
(Go)
Nov 19, 2024
SpiceDB exclusions can result in no permission returned when permission expected
Moderate
CVE-2024-38361
was published
for
github.com/authzed/spicedb
(Go)
Jun 20, 2024
Podman publishes a malicious image to public registries
High
CVE-2022-1227
was published
for
github.com/containers/podman/v3
(Go)
Apr 30, 2022
Grafana folders admin only permission privilege escalation
High
CVE-2022-36062
was published
for
github.com/grafana/grafana
(Go)
May 14, 2024
`docker cp` allows unexpected chmod of host files in Moby Docker Engine
Low
CVE-2021-41089
was published
for
github.com/docker/docker
(Go)
Jun 10, 2024
Moby (Docker Engine) Insufficiently restricted permissions on data directory
Moderate
CVE-2021-41091
was published
for
github.com/docker/docker
(Go)
Jan 31, 2024
Authelia's Group Changes may not have the expected results (YAML file backend)
Low
GHSA-x883-2vmg-xwf7
was published
for
github.com/authelia/authelia/v4
(Go)
Apr 22, 2024
Improper Preservation of Permissions in etcd
Moderate
CVE-2020-15113
was published
for
github.com/etcd-io/etcd
(Go)
Jan 30, 2024
Improper Preservation of Permissions in github.com/cloudflare/cfrpki/cmd/octorpki
Moderate
CVE-2021-3978
was published
for
github.com/cloudflare/cfrpki
(Go)
Nov 19, 2021
runc AppArmor bypass with symlinked /proc
Moderate
CVE-2023-28642
was published
for
github.com/opencontainers/runc
(Go)
Mar 30, 2023
rootless: `/sys/fs/cgroup` is writable when cgroupns isn't unshared in runc
Low
CVE-2023-25809
was published
for
github.com/opencontainers/runc
(Go)
Mar 30, 2023
Unprivileged pod using `hostPath` can side-step active LSM when it is SELinux
High
CVE-2021-43816
was published
for
github.com/containerd/containerd
(Go)
Jan 6, 2022
Access control flaw in Kiali
High
CVE-2021-3495
was published
for
github.com/kiali/kiali
(Go)
Jun 8, 2021
AList vulnerable to Improper Preservation of Permissions
High
CVE-2022-45968
was published
for
github.com/alist-org/alist/v3
(Go)
Dec 12, 2022
HashiCorp Vault underlying database had excessively broad filesystem permissions from v1.4.0 until v1.8.0
Critical
CVE-2021-38553
was published
for
github.com/hashicorp/vault
(Go)
Aug 30, 2021
Insecure Permissions in Gogs
Moderate
CVE-2020-14958
was published
for
gogs.io/gogs
(Go)
May 18, 2021
lakeFS vulnerable to authenticated users deleting files they are not authorized to delete
High
GHSA-28q9-9c3g-v3f9
was published
for
github.com/treeverse/lakefs
(Go)
Sep 23, 2022
ProTip!
Advisories are also available from the
GraphQL API