Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,039
Erlang
29
GitHub Actions
18
Go
1,864
Maven
5,000+
npm
3,587
NuGet
636
pip
3,176
Pub
10
RubyGems
852
Rust
805
Swift
34
Unreviewed advisories
All unreviewed
5,000+

1,118 advisories

High severity vulnerability that affects mercurial High
CVE-2017-9462 was published for mercurial (pip) Jul 13, 2018
Moderate severity vulnerability that affects org.apache.hadoop:hadoop-main Moderate
CVE-2017-3166 was published for org.apache.hadoop:hadoop-main (Maven) Dec 21, 2018
Incorrect Permission Assignment for Critical Resource in Apache hive Low
CVE-2018-1315 was published for org.apache.hive:hive (Maven) Nov 21, 2018
Doorkeeper subject to Incorrect Permission Assignment High
CVE-2018-1000211 was published for doorkeeper (RubyGems) Aug 13, 2018
Ericsson Network Manager 20.2 has Insecure Permissions. Moderate Unreviewed
CVE-2021-28488 was published Mar 11, 2022
'Root Service' service implemented in the following Yokogawa Electric products creates some named... High Unreviewed
CVE-2022-22148 was published Mar 12, 2022
A user without PR can reset user authentication failures information Low
CVE-2021-32729 was published for org.xwiki.platform:xwiki-platform-security-authentication-script (Maven) Jul 2, 2021
A vulnerability in the Brocade Fabric OS before Brocade Fabric OS v9.0.1a, v8.2.3, v8.2.0_CBN4,... Moderate Unreviewed
CVE-2020-15388 was published Mar 19, 2022
TMS v2.28.0 contains an insecure permissions vulnerability via the component /TMS/admin/user... Moderate Unreviewed
CVE-2022-26247 was published Mar 21, 2022
The matchmaking servers of Bandai Namco FromSoftware Dark Souls III through 2022-03-19 allow... High Unreviewed
CVE-2022-24125 was published Mar 21, 2022
An insecure permissions vulnerability in Snapt Aria v12.8 allows unauthenticated attackers to... Low Unreviewed
CVE-2022-24236 was published Mar 22, 2022
Description: A permissions issue was addressed with improved validation. This issue is fixed in... Low Unreviewed
CVE-2022-22599 was published Mar 19, 2022
In getAlias of BluetoothDevice.java, there is a possible way to create misleading permission... Moderate Unreviewed
CVE-2021-0931 was published Dec 16, 2021
There is a Permissions,Privileges,and Access Controls vulnerability in Huawei Smartphone... Moderate Unreviewed
CVE-2021-37058 was published Dec 8, 2021
In RuoYi v4.7.2 through the WebUI, user test1 does not have permission to reset the password of... Moderate Unreviewed
CVE-2022-23869 was published Mar 31, 2022
Inappropriate implementation in Permissions in Google Chrome prior to 99.0.4844.51 allowed a... Moderate Unreviewed
CVE-2022-0803 was published Apr 6, 2022
Synaman v5.1 and below was discovered to contain weak file permissions which allows authenticated... High Unreviewed
CVE-2022-26250 was published Apr 7, 2022
BigAnt Server v5.6.06 was discovered to contain an incorrect access control issue. High Unreviewed
CVE-2022-26281 was published Apr 6, 2022
SilverStripe Subsite weakens file permissions Moderate
CVE-2022-42949 was published for silverstripe/subsites (Composer) Dec 19, 2022
ColorOS pregrant dangerous permissions to apps which are listed in a whitelist xml named default... High Unreviewed
CVE-2021-23244 was published Dec 28, 2021
The SysDrv3S driver in the CODESYS Control runtime system on Microsoft Windows allows any system... High Unreviewed
CVE-2022-22516 was published Apr 8, 2022
controller/org.controller/org.controller.js in the CVE Services API 1.1.1 before... High Unreviewed
CVE-2021-46561 was published Feb 8, 2022
A vulnerability has been identified in SIMATIC Energy Manager Basic (All versions < V7.3 Update 1... High Unreviewed
CVE-2022-23448 was published Apr 13, 2022
In multiple locations of MediaProvider.java , there is a possible way to get read/write access to... High Unreviewed
CVE-2021-39795 was published Apr 13, 2022
An issue was discovered in CALDERA 2.8.1. It does not properly segregate user privileges,... High Unreviewed
CVE-2021-42562 was published Jan 13, 2022
ProTip! Advisories are also available from the GraphQL API