Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,967
Erlang
29
GitHub Actions
16
Go
1,749
Maven
4,978
npm
3,509
NuGet
609
pip
3,076
Pub
10
RubyGems
832
Rust
781
Swift
34
Unreviewed advisories
All unreviewed
5,000+

852 advisories

Loading
In ContentService, there is a possible way to check if an account exists on the device due to a... Moderate Unreviewed
CVE-2022-20298 was published Aug 13, 2022
In Telecomm, there is a possible disclosure of registered self managed phone accounts due to a... Low Unreviewed
CVE-2022-20311 was published Aug 13, 2022
In WifiP2pManager, there is a possible toobtain WiFi P2P MAC address without user consent due to... Moderate Unreviewed
CVE-2022-20312 was published Aug 13, 2022
A Incorrect Default Permissions vulnerability in the packaging of the slurm testsuite of openSUSE... High Unreviewed
CVE-2022-31251 was published Sep 8, 2022
An issue in the installer of gvim 9.0.0000 allows authenticated attackers to execute arbitrary... High Unreviewed
CVE-2022-37173 was published Aug 31, 2022
The security descriptor of Measuresoft ScadaPro Server version 6.7 has inconsistent permissions,... High Unreviewed
CVE-2022-3263 was published Sep 25, 2022
In cta, there is a possible way to write permission usage records of an app due to a missing... High Unreviewed
CVE-2022-26429 was published Aug 2, 2022
Insufficient policy enforcement in navigations in Google Chrome prior to 81.0.4044.92 allowed a... Moderate Unreviewed
CVE-2020-6439 was published May 24, 2022
parse-server's session object properties can be updated by foreign user if object ID is known Moderate
CVE-2022-39225 was published for parse-server (npm) Sep 21, 2022
In Content, there is a possible way to learn about an account present on the device due to a... Moderate Unreviewed
CVE-2022-20294 was published Aug 13, 2022
Insufficient policy enforcement in downloads in Google Chrome prior to 83.0.4103.61 allowed a... Moderate Unreviewed
CVE-2020-6488 was published May 24, 2022
Insufficient policy enforcement in full screen in Google Chrome prior to 81.0.4044.92 allowed a... Moderate Unreviewed
CVE-2020-6431 was published May 24, 2022
Insufficient data validation in ChromeDriver in Google Chrome prior to 83.0.4103.61 allowed a... Moderate Unreviewed
CVE-2020-6484 was published May 24, 2022
Incorrect default permissions in the Intel(R) Support Android application before version v22.02... Moderate Unreviewed
CVE-2022-36367 was published Nov 11, 2022
The preset launcher module has a permission verification vulnerability. Successful exploitation... High Unreviewed
CVE-2022-44561 was published Nov 10, 2022
Insecure Permissions in administration interface in Planex MZK-DP150N 1.42 and 1.43 allows... High Unreviewed
CVE-2021-37289 was published Aug 23, 2022
plymouth-pretrigger.sh in dracut and udev, when running on Fedora 13 and 14, sets weak... Moderate Unreviewed
CVE-2010-4176 was published May 17, 2022
An incorrect default permissions vulnerability was found in the mig-controller. Due to an... Moderate Unreviewed
CVE-2021-3948 was published Feb 19, 2022
In calc_vm_may_flags of ashmem.c, there is a possible arbitrary write to shared memory due to a... Low Unreviewed
CVE-2020-0009 was published May 24, 2022
Dell GeoDrive, versions prior to 2.2, contains Insecure File and Folder Permissions... High Unreviewed
CVE-2022-33922 was published Oct 13, 2022
Improper file permissions in the CommandPost, Collector, Sensor, and Sandbox components of... High Unreviewed
CVE-2022-0486 was published May 18, 2022
Improper file permissions in the CommandPost, Collector, and Sensor components of Fidelis Network... High Unreviewed
CVE-2022-0997 was published May 18, 2022
D-Link DSL-G2452DG HW:T1\\tFW:ME_2.00 was discovered to contain insecure permissions. Critical Unreviewed
CVE-2022-28932 was published May 24, 2022
An Incorrect Default Permissions (CWE-276) vulnerability exists in SoMachine Basic, all versions,... Moderate Unreviewed
CVE-2018-7822 was published May 24, 2022
OpenHarmony-v3.1.2 and prior versions had a vulnerability that telephony in communication... Moderate Unreviewed
CVE-2022-45118 was published Dec 8, 2022
ProTip! Advisories are also available from the GraphQL API