GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,974
Erlang
29
GitHub Actions
16
Go
1,763
Maven
4,988
npm
3,525
NuGet
615
pip
3,099
Pub
10
RubyGems
834
Rust
785
Swift
34
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
304 advisories
Filter by severity
In Device Policy, there is a possible way to determine whether an app is installed, without query...
Moderate
Unreviewed
CVE-2021-39769
was published
Mar 31, 2022
In getCallStateUsingPackage of Telecom Service, there is a missing permission check. This could...
Moderate
Unreviewed
CVE-2021-39779
was published
Mar 31, 2022
The vCenter Server contains an information disclosure vulnerability due to improper permission of...
Moderate
Unreviewed
CVE-2022-22948
was published
Mar 30, 2022
A vulnerability affecting F-Secure SAFE browser was discovered. A maliciously crafted website...
Moderate
Unreviewed
CVE-2021-44751
was published
Mar 26, 2022
In Click Studios (SA) Pty Ltd Passwordstate 9435, users with access to a passwordlist can gain...
Moderate
Unreviewed
CVE-2022-25570
was published
Mar 22, 2022
A local attacker could read files from some other users' SA360 reports stored in the /tmp folder...
Moderate
Unreviewed
CVE-2021-22571
was published
Mar 19, 2022
In getNotificationTag of LegacyVoicemailNotifier.java, there is a possible leak of ICCID due to a...
Moderate
Unreviewed
CVE-2021-39705
was published
Mar 17, 2022
This issue affects: Secomea GateManager Version 9.6.621421014 and all prior versions. Permission...
Moderate
Unreviewed
CVE-2021-32006
was published
Mar 11, 2022
A flaw was found in the permissions of a log file created by kexec-tools. This flaw allows a...
Moderate
Unreviewed
CVE-2021-20269
was published
Mar 11, 2022
There is a permission control vulnerability in the Wi-Fi module. Successful exploitation of this...
Moderate
Unreviewed
CVE-2021-40059
was published
Mar 11, 2022
Northern.tech CFEngine Enterprise 3.15.4 before 3.15.5 has Insecure Permissions that may allow...
Moderate
Unreviewed
CVE-2021-44215
was published
Mar 11, 2022
Northern.tech CFEngine Enterprise before 3.15.5 and 3.18.x before 3.18.1 has Insecure Permissions...
Moderate
Unreviewed
CVE-2021-44216
was published
Mar 11, 2022
The Dynamic Data Mapping module in Liferay Portal through v7.3.6 and Liferay DXP through v7.3...
Moderate
Unreviewed
CVE-2021-38268
was published
Mar 3, 2022
JFrog Artifactory before 7.31.10, is vulnerable to Broken Access Control where a project admin...
Moderate
Unreviewed
CVE-2021-46270
was published
Mar 3, 2022
In JetBrains TeamCity before 2021.2, health items of pull requests were shown to users who lacked...
Moderate
Unreviewed
CVE-2022-24337
was published
Feb 26, 2022
In JetBrains YouTrack before 2021.4.31698, a custom logo could be set by a user who has read-only...
Moderate
Unreviewed
CVE-2022-24343
was published
Feb 26, 2022
There is an improper permission management vulnerability in the Wallet apps. Successful...
Moderate
Unreviewed
CVE-2021-37103
was published
Feb 26, 2022
snapd 2.54.2 and earlier created ~/snap directories in user home directories without specifying...
Moderate
Unreviewed
CVE-2021-3155
was published
Feb 19, 2022
An incorrect default permissions vulnerability was found in the mig-controller. Due to an...
Moderate
Unreviewed
CVE-2021-3948
was published
Feb 19, 2022
In Minetest before 5.4.0, players can add or subtract items from a different player's inventory.
Moderate
Unreviewed
CVE-2022-24301
was published
Feb 15, 2022
Unprotected component vulnerability in StTheaterModeReceiver in Wear OS 3.0 prior to Firmware...
Moderate
Unreviewed
CVE-2022-23996
was published
Feb 12, 2022
Unprotected component vulnerability in StBedtimeModeAlarmReceiver in Wear OS 3.0 prior to...
Moderate
Unreviewed
CVE-2022-23995
was published
Feb 12, 2022
Incorrect default permissions in the firmware for some Intel(R) Processors may allow a privileged...
Moderate
Unreviewed
CVE-2021-0093
was published
Feb 11, 2022
Incorrect default permissions for the Intel(R) RXT for Chromebook application, all versions, may...
Moderate
Unreviewed
CVE-2021-33166
was published
Feb 11, 2022
An incorrect default permission vulnerability exists in the cgiserver.cgi cgi_check_ability...
Moderate
Unreviewed
CVE-2021-40415
was published
Jan 29, 2022
ProTip!
Advisories are also available from the
GraphQL API