Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,958
Erlang
29
GitHub Actions
16
Go
1,745
Maven
4,971
npm
3,507
NuGet
609
pip
3,066
Pub
10
RubyGems
832
Rust
780
Swift
34
Unreviewed advisories
All unreviewed
5,000+

185 advisories

The installer in XAMPP through 8.1.12 allows local users to write to the C:\xampp directory.... Moderate Unreviewed
CVE-2022-47637 was published Sep 13, 2023
Apache Superset has improper default REST API permission for Gamma users Moderate
CVE-2023-36387 was published for apache-superset (pip) Sep 6, 2023
Disabled permissions can be granted by Jenkins SSH2 Easy Plugin High
CVE-2023-41939 was published for org.jenkins-ci.plugins:ssh2easy (Maven) Sep 6, 2023
System files could be overwritten using the less command in Brocade Fabric OS before Brocade... High Unreviewed
CVE-2023-31926 was published Aug 2, 2023
A flaw was found in the 9p passthrough filesystem (9pfs) implementation in QEMU. When a local... High Unreviewed
CVE-2023-1386 was published Jul 24, 2023
IBM Security Guardium 11.3 could allow a local user to escalate their privileges due to improper... High Unreviewed
CVE-2022-43910 was published Jul 19, 2023
In multiple functions of OneTimePermissionUserManager.java, there is a possible one-time... Moderate Unreviewed
CVE-2023-21249 was published Jul 13, 2023
A vulnerability exists in Trellix Agent for Windows version 5.7.8 and earlier, that allows local... High Unreviewed
CVE-2023-0975 was published Jul 6, 2023
An incorrect TLB flush issue was found in the Linux kernel’s GPU i915 kernel driver, potentially... High Unreviewed
CVE-2022-4139 was published Jul 6, 2023
An insecure filesystem permission in the Insider Threat Management Agent for Windows enables... Moderate Unreviewed
CVE-2023-2818 was published Jun 27, 2023
A valid, authenticated user with limited privileges may be able to use specifically crafted web... Moderate Unreviewed
CVE-2023-2993 was published Jun 26, 2023
If temporary "one-time" permissions, such as the ability to use the Camera, were granted to a... High Unreviewed
CVE-2023-28161 was published Jun 2, 2023
Suprema BioStar 2 before 2022 Q4, v2.9.1 has Insecure Permissions. A vulnerability in the web... High Unreviewed
CVE-2023-31923 was published May 22, 2023
Remote code execution in Voyager Critical
CVE-2020-36070 was published for tcg/voyager (Composer) Apr 26, 2023
Liferay Portal 6.2.5 allows Command=FileUpload&Type=File&CurrentFolder=/ requests when frmfolders... Critical Unreviewed
CVE-2021-33990 was published Apr 16, 2023
runc AppArmor bypass with symlinked /proc Moderate
CVE-2023-28642 was published for github.com/opencontainers/runc (Go) Mar 30, 2023
ssst0n3
rootless: `/sys/fs/cgroup` is writable when cgroupns isn't unshared in runc Low
CVE-2023-25809 was published for github.com/opencontainers/runc (Go) Mar 30, 2023
AkihiroSuda
vantage6 vulnerable to Improper Preservation of Permissions Moderate
CVE-2023-22738 was published for vantage6 (pip) Feb 28, 2023
The bundle management module lacks permission verification in some APIs. Successful exploitation... High Unreviewed
CVE-2022-48301 was published Feb 9, 2023
The IHwAntiMalPlugin interface lacks permission verification. Successful exploitation of this... High Unreviewed
CVE-2022-48295 was published Feb 9, 2023
The SystemUI has a vulnerability in permission management. Successful exploitation of this... Moderate Unreviewed
CVE-2022-48296 was published Feb 9, 2023
An issue was discovered in Rehau devices that use a pCOWeb card BIOS v6.27, BOOT v5.00, web... High Unreviewed
CVE-2020-18329 was published Jan 26, 2023
A cross-origin iframe referencing an XSLT document would inherit the parent domain's permissions ... High Unreviewed
CVE-2022-38473 was published Dec 22, 2022
Improper preservation of permissions vulnerability in Trellix Endpoint Agent (xAgent) prior to... Moderate Unreviewed
CVE-2022-4326 was published Dec 21, 2022
GossipSub 1.1, as used for Ethereum 2.0, allows a peer to maintain a positive score (and thus not... Moderate Unreviewed
CVE-2022-47547 was published Dec 19, 2022
ProTip! Advisories are also available from the GraphQL API