Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,094
Erlang
29
GitHub Actions
19
Go
1,920
Maven
5,000+
npm
3,648
NuGet
638
pip
3,263
Pub
10
RubyGems
873
Rust
822
Swift
35
Unreviewed advisories
All unreviewed
5,000+

78 advisories

Loading
Insecure Permissions in Gogs Moderate
CVE-2020-14958 was published for gogs.io/gogs (Go) May 18, 2021
This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.6.5, macOS... Moderate Unreviewed
CVE-2022-22650 was published Mar 19, 2022
In hasNamedWallpaper of WallpaperManagerService.java, there is a possible way to determine... Moderate Unreviewed
CVE-2021-1025 was published Dec 16, 2021
In enqueueNotification of NetworkPolicyManagerService.java, there is a possible way to retrieve a... Moderate Unreviewed
CVE-2021-0653 was published Dec 16, 2021
In getSigningKeySet of PackageManagerService.java, there is a missing permission check. This... Moderate Unreviewed
CVE-2021-1010 was published Dec 16, 2021
The Labeling tool in Titus Classification Suite 18.8.1910.140 allows users to avoid the... Moderate Unreviewed
CVE-2021-43708 was published Apr 22, 2022
Shopware access control list bypassed via crafted specific URLs Moderate
CVE-2022-36102 was published for shopware/shopware (Composer) Sep 16, 2022
In updateNotification of BeamTransferManager.java, there is a missing permission check. This... Moderate Unreviewed
CVE-2021-0542 was published May 24, 2022
The communication module has a vulnerability of improper permission preservation. Successful... Moderate Unreviewed
CVE-2022-31755 was published Jun 14, 2022
Improper validation of permissions for third party application accessing Telephony service API... Moderate Unreviewed
CVE-2021-35079 was published Jun 15, 2022
MetaMask before 10.11.3 might allow an attacker to access a user's secret recovery phrase because... Moderate Unreviewed
CVE-2022-32969 was published Jun 30, 2022
fhir-works-on-aws-authz-smart handles permissions improperly Moderate
CVE-2022-39230 was published for fhir-works-on-aws-authz-smart (npm) Sep 21, 2022
Inappropriate implementation in permissions in Google Chrome prior to 85.0.4183.83 allowed a... Moderate Unreviewed
CVE-2020-6564 was published May 24, 2022
GossipSub 1.1, as used for Ethereum 2.0, allows a peer to maintain a positive score (and thus not... Moderate Unreviewed
CVE-2022-47547 was published Dec 19, 2022
In PHP versions 7.2.x below 7.2.28, 7.3.x below 7.3.15 and 7.4.x below 7.4.3, when creating PHAR... Moderate Unreviewed
CVE-2020-7063 was published May 24, 2022
In Cacti before 1.2.11, disabling a user account does not immediately invalidate any permissions... Moderate Unreviewed
CVE-2020-13230 was published May 24, 2022
In core networking, there is a missing permission check. This could lead to local information... Moderate Unreviewed
CVE-2020-0327 was published May 24, 2022
In Android Auto Settings, there is a possible permission bypass due to an unsafe PendingIntent.... Moderate Unreviewed
CVE-2020-0269 was published May 24, 2022
In Telephony, there are possible leaks of sensitive data due to missing permission checks. This... Moderate Unreviewed
CVE-2020-0265 was published May 24, 2022
In Settings, there is a possible permissions bypass. This could lead to local information... Moderate Unreviewed
CVE-2020-0331 was published May 24, 2022
Improper permissions in the Intel(R) Data Center Manager Console before version 3.6.2 may allow... Moderate Unreviewed
CVE-2020-12353 was published May 24, 2022
When sharing geolocation during an active WebRTC share, Firefox could have reset the webRTC... Moderate Unreviewed
CVE-2021-23963 was published May 24, 2022
If certificates that signed grub are installed into db, grub can be booted directly. It will then... Moderate Unreviewed
CVE-2021-3418 was published May 24, 2022
A ZTE product has an information leak vulnerability. Due to improper permission settings, an... Moderate Unreviewed
CVE-2021-21735 was published May 24, 2022
Huawei LTE USB Dongle products have an improper permission assignment vulnerability. An attacker... Moderate Unreviewed
CVE-2021-22382 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database