Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,648
Erlang
29
GitHub Actions
16
Go
1,705
Maven
4,937
npm
3,470
NuGet
603
pip
2,983
Pub
10
RubyGems
826
Rust
772
Swift
34
Unreviewed advisories
All unreviewed
5,000+

21 advisories

For migration as well as to work around kernels unaware of L1TF (see XSA-273), PV guests may be... High Unreviewed
CVE-2023-34322 was published Jan 5, 2024
An issue was discovered in WatchGuard EPDR 8.0.21.0002. Due to a weak implementation of a... Moderate Unreviewed
CVE-2023-26239 was published Oct 5, 2023
Before correction, the copy_file_range system call checked only for the CAP_READ and CAP_WRITE... High Unreviewed
CVE-2023-5369 was published Oct 4, 2023
A flaw was found in the QEMU virtio-fs shared file system daemon (virtiofsd) implementation. This... High Unreviewed
CVE-2022-0358 was published Aug 29, 2022
Apache Superset allows authenticated users to access metadata they have no permission to Moderate
CVE-2021-37839 was published for apache-superset (pip) Jul 7, 2022
An issue was discovered in HCC Embedded InterNiche NicheStack through 4.3. The tfshnd():tftpsrv.c... High Unreviewed
CVE-2021-36762 was published May 24, 2022
SNMPTT before 1.4.2 allows attackers to execute shell code via EXEC, PREXEC, or unknown_trap_exec. Critical Unreviewed
CVE-2020-24361 was published May 24, 2022
The docker packages version docker-1.13.1-108.git4ef4b30.el7 as released for Red Hat Enterprise... Moderate Unreviewed
CVE-2020-14300 was published May 24, 2022
The version of docker as released for Red Hat Enterprise Linux 7 Extras via RHBA-2020:0053... Moderate Unreviewed
CVE-2020-14298 was published May 24, 2022
In Zsh before 5.8, attackers able to execute commands can regain privileges dropped by the --no... High Unreviewed
CVE-2019-20044 was published May 24, 2022
Moodle does not revoke role capabilities correctly Moderate
CVE-2019-14879 was published for moodle/moodle (Composer) May 24, 2022
An issue was discovered in disable_priv_mode in shell.c in GNU Bash through 5.0 patch 11. By... High Unreviewed
CVE-2019-18276 was published May 24, 2022
libuv before 0.10.34 does not properly drop group privileges, which allows context-dependent... High Unreviewed
CVE-2015-0278 was published May 14, 2022
AlienVault USM and OSSIM before 5.3.7 and NfSen before 1.3.8 have an error in privilege dropping... Critical Unreviewed
CVE-2017-6972 was published May 13, 2022
Improper revalidation of permissions in Nextcloud Server prior to 14.0.0, 13.0.6 and 12.0.11 lead... High Unreviewed
CVE-2018-16466 was published May 13, 2022
An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector... High Unreviewed
CVE-2018-8599 was published May 13, 2022
artswrapper in aRts, when running setuid root on Linux 2.6.0 or later versions, does not check... Moderate Unreviewed
CVE-2006-2916 was published May 1, 2022
Linux distributions using CAP_SYS_NICE for gnome-shell may be exposed to a privilege escalation... Moderate Unreviewed
CVE-2021-3982 was published Apr 30, 2022
Bitlbee does not drop extra group privileges correctly in unix.c Critical Unreviewed
CVE-2012-1187 was published Apr 23, 2022
ktsuss versions 1.4 and prior has the uid set to root and does not drop privileges prior to... Critical Unreviewed
CVE-2011-2921 was published Apr 22, 2022
Improper Privilege Management in Apache Ozone Critical
CVE-2021-36372 was published for org.apache.ozone:ozone-main (Maven) Nov 23, 2021
ProTip! Advisories are also available from the GraphQL API