Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,094
Erlang
29
GitHub Actions
19
Go
1,920
Maven
5,000+
npm
3,648
NuGet
638
pip
3,263
Pub
10
RubyGems
873
Rust
822
Swift
35
Unreviewed advisories
All unreviewed
5,000+

208 advisories

Loading
Suprema BioStar 2 before 2022 Q4, v2.9.1 has Insecure Permissions. A vulnerability in the web... High Unreviewed
CVE-2023-31923 was published May 22, 2023
Gentoo Portage through 2.3.84 allows local users to place a Trojan horse plugin in the /usr/lib64... Moderate Unreviewed
CVE-2019-20384 was published May 24, 2022
OX App Suite through 7.10.2 has Insecure Permissions. High Unreviewed
CVE-2019-14226 was published May 24, 2022
JetBrains YouTrack before 2019.2.53938 was using incorrect settings, allowing a user without... Moderate Unreviewed
CVE-2019-14956 was published May 24, 2022
An issue was discovered in GitLab Community and Enterprise Edition 8.x, 9.x, 10.x, and 11.x... Moderate Unreviewed
CVE-2019-6995 was published May 24, 2022
An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before... Moderate Unreviewed
CVE-2019-6791 was published May 24, 2022
in OpenHarmony v3.2.4 and prior versions allow a local attacker cause apps crash through get... Low Unreviewed
CVE-2024-22177 was published Apr 2, 2024
Plesk CMS 18.0.37 is affected by an insecure permissions vulnerability that allows privilege... High Unreviewed
CVE-2021-45008 was published Feb 22, 2022
in OpenHarmony v4.0.0 and prior versions allow a local attacker cause information leak through... Moderate Unreviewed
CVE-2024-21816 was published Mar 4, 2024
Missing permission checks on Hazelcast client protocol High
CVE-2023-45859 was published for com.hazelcast:hazelcast (Maven) Feb 27, 2024
System files could be overwritten using the less command in Brocade Fabric OS before Brocade... High Unreviewed
CVE-2023-31926 was published Aug 2, 2023
Smarty Does Not Consider Umask Values When Setting Permissions Moderate
CVE-2009-5054 was published for smarty/smarty (Composer) May 2, 2022
Privilege escalation vulnerability in Lamassu Bitcoin ATM Douro machines, in its 7.1 version,... Moderate Unreviewed
CVE-2024-0674 was published Jan 30, 2024
Sun PC NetLink 1.0 through 1.2 does not properly set the access control list (ACL) for files and... Moderate Unreviewed
CVE-2002-2323 was published Apr 30, 2022
Macintosh clients, when using NT file system volumes on Windows 2000 SP1, create subdirectories... Moderate Unreviewed
CVE-2001-1515 was published Apr 30, 2022
The (1) Kate and (2) Kwrite applications in KDE KDE 3.2.x through 3.4.0 do not properly set the... Moderate Unreviewed
CVE-2005-1920 was published May 1, 2022
sash before 3.4-4 in Debian GNU/Linux does not properly clone /etc/shadow, which makes it world... Low Unreviewed
CVE-2001-0195 was published Apr 30, 2022
Improper Preservation of Permissions in etcd Moderate
CVE-2020-15113 was published for github.com/etcd-io/etcd (Go) Jan 30, 2024
Disabled permissions can be granted by Jenkins SSH2 Easy Plugin High
CVE-2023-41939 was published for org.jenkins-ci.plugins:ssh2easy (Maven) Sep 6, 2023
A security feature bypass vulnerability exists when Microsoft Windows fails to handle file... Moderate Unreviewed
CVE-2020-16910 was published May 24, 2022
Insufficient macro permission validation of The Document Foundation LibreOffice allows an... High Unreviewed
CVE-2023-6186 was published Dec 11, 2023
Missing permission check in Jenkins Support Core Plugin Moderate
CVE-2019-16539 was published for org.jenkins-ci.plugins:support-core (Maven) May 24, 2022
Insecure Permissions vulnerability in GL.iNet AX1800 version 4.0.0 before 4.5.0 allows a remote... Critical Unreviewed
CVE-2023-47463 was published Nov 30, 2023
in OpenHarmony v3.2.2 and prior versions allow a local attacker arbitrary file read and write... High Unreviewed
CVE-2023-43612 was published Nov 20, 2023
Remote code execution in Voyager Critical
CVE-2020-36070 was published for tcg/voyager (Composer) Apr 26, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database