GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 3,967
Erlang: 29
GitHub Actions: 16
Go: 1,749
Maven: 4,978
npm: 3,509
NuGet: 609
pip: 3,076
Pub: 10
RubyGems: 832
Rust: 781
Swift: 34
Unreviewed advisories
All unreviewed: 5,000+
852 advisories
In ContentService, there is a possible way to check if an account exists on the device due to a...
Moderate | Unreviewed | CVE-2022-20298 was published Aug 13, 2022
In Telecomm, there is a possible disclosure of registered self managed phone accounts due to a...
Low | Unreviewed | CVE-2022-20311 was published Aug 13, 2022
In WifiP2pManager, there is a possible way to obtain WiFi P2P MAC address without user consent due to...
Moderate | Unreviewed | CVE-2022-20312 was published Aug 13, 2022
An Incorrect Default Permissions vulnerability in the packaging of the slurm testsuite of openSUSE...
High | Unreviewed | CVE-2022-31251 was published Sep 8, 2022
An issue in the installer of gvim 9.0.0000 allows authenticated attackers to execute arbitrary...
High | Unreviewed | CVE-2022-37173 was published Aug 31, 2022
The security descriptor of Measuresoft ScadaPro Server version 6.7 has inconsistent permissions,...
High | Unreviewed | CVE-2022-3263 was published Sep 25, 2022
In cta, there is a possible way to write permission usage records of an app due to a missing...
High | Unreviewed | CVE-2022-26429 was published Aug 2, 2022
Insufficient policy enforcement in navigations in Google Chrome prior to 81.0.4044.92 allowed a...
Moderate | Unreviewed | CVE-2020-6439 was published May 24, 2022
parse-server's session object properties can be updated by foreign user if object ID is known
Moderate | CVE-2022-39225 was published for parse-server (npm) Sep 21, 2022
In Content, there is a possible way to learn about an account present on the device due to a...
Moderate | Unreviewed | CVE-2022-20294 was published Aug 13, 2022
Insufficient policy enforcement in downloads in Google Chrome prior to 83.0.4103.61 allowed a...
Moderate | Unreviewed | CVE-2020-6488 was published May 24, 2022
Insufficient policy enforcement in full screen in Google Chrome prior to 81.0.4044.92 allowed a...
Moderate | Unreviewed | CVE-2020-6431 was published May 24, 2022
Insufficient data validation in ChromeDriver in Google Chrome prior to 83.0.4103.61 allowed a...
Moderate | Unreviewed | CVE-2020-6484 was published May 24, 2022
Incorrect default permissions in the Intel(R) Support Android application before version v22.02...
Moderate | Unreviewed | CVE-2022-36367 was published Nov 11, 2022
The preset launcher module has a permission verification vulnerability. Successful exploitation...
High | Unreviewed | CVE-2022-44561 was published Nov 10, 2022
Insecure Permissions in administration interface in Planex MZK-DP150N 1.42 and 1.43 allows...
High | Unreviewed | CVE-2021-37289 was published Aug 23, 2022
plymouth-pretrigger.sh in dracut and udev, when running on Fedora 13 and 14, sets weak...
Moderate | Unreviewed | CVE-2010-4176 was published May 17, 2022
An incorrect default permissions vulnerability was found in the mig-controller. Due to an...
Moderate | Unreviewed | CVE-2021-3948 was published Feb 19, 2022
In calc_vm_may_flags of ashmem.c, there is a possible arbitrary write to shared memory due to a...
Low | Unreviewed | CVE-2020-0009 was published May 24, 2022
Dell GeoDrive, versions prior to 2.2, contains Insecure File and Folder Permissions...
High | Unreviewed | CVE-2022-33922 was published Oct 13, 2022
Improper file permissions in the CommandPost, Collector, Sensor, and Sandbox components of...
High | Unreviewed | CVE-2022-0486 was published May 18, 2022
Improper file permissions in the CommandPost, Collector, and Sensor components of Fidelis Network...
High | Unreviewed | CVE-2022-0997 was published May 18, 2022
D-Link DSL-G2452DG HW:T1 FW:ME_2.00 was discovered to contain insecure permissions.
Critical | Unreviewed | CVE-2022-28932 was published May 24, 2022
An Incorrect Default Permissions (CWE-276) vulnerability exists in SoMachine Basic, all versions,...
Moderate | Unreviewed | CVE-2018-7822 was published May 24, 2022
OpenHarmony-v3.1.2 and prior versions had a vulnerability that telephony in communication...
Moderate | Unreviewed | CVE-2022-45118 was published Dec 8, 2022
ProTip! Advisories are also available from the GraphQL API.