GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,648
Erlang
29
GitHub Actions
16
Go
1,705
Maven
4,937
npm
3,470
NuGet
603
pip
2,983
Pub
10
RubyGems
826
Rust
772
Swift
34
Unreviewed advisories
All unreviewed
5,000+
21 advisories
Filter by severity
For migration as well as to work around kernels unaware of L1TF (see
XSA-273), PV guests may be...
High
Unreviewed
CVE-2023-34322
was published
Jan 5, 2024
An issue was discovered in WatchGuard EPDR 8.0.21.0002. Due to a weak implementation of a...
Moderate
Unreviewed
CVE-2023-26239
was published
Oct 5, 2023
Before correction, the copy_file_range system call checked only for the CAP_READ and CAP_WRITE...
High
Unreviewed
CVE-2023-5369
was published
Oct 4, 2023
A flaw was found in the QEMU virtio-fs shared file system daemon (virtiofsd) implementation. This...
High
Unreviewed
CVE-2022-0358
was published
Aug 29, 2022
Apache Superset allows authenticated users to access metadata they have no permission to
Moderate
CVE-2021-37839
was published
for
apache-superset
(pip)
Jul 7, 2022
An issue was discovered in HCC Embedded InterNiche NicheStack through 4.3. The tfshnd():tftpsrv.c...
High
Unreviewed
CVE-2021-36762
was published
May 24, 2022
SNMPTT before 1.4.2 allows attackers to execute shell code via EXEC, PREXEC, or unknown_trap_exec.
Critical
Unreviewed
CVE-2020-24361
was published
May 24, 2022
The docker packages version docker-1.13.1-108.git4ef4b30.el7 as released for Red Hat Enterprise...
Moderate
Unreviewed
CVE-2020-14300
was published
May 24, 2022
The version of docker as released for Red Hat Enterprise Linux 7 Extras via RHBA-2020:0053...
Moderate
Unreviewed
CVE-2020-14298
was published
May 24, 2022
In Zsh before 5.8, attackers able to execute commands can regain privileges dropped by the --no...
High
Unreviewed
CVE-2019-20044
was published
May 24, 2022
Moodle does not revoke role capabilities correctly
Moderate
CVE-2019-14879
was published
for
moodle/moodle
(Composer)
May 24, 2022
An issue was discovered in disable_priv_mode in shell.c in GNU Bash through 5.0 patch 11. By...
High
Unreviewed
CVE-2019-18276
was published
May 24, 2022
libuv before 0.10.34 does not properly drop group privileges, which allows context-dependent...
High
Unreviewed
CVE-2015-0278
was published
May 14, 2022
AlienVault USM and OSSIM before 5.3.7 and NfSen before 1.3.8 have an error in privilege dropping...
Critical
Unreviewed
CVE-2017-6972
was published
May 13, 2022
Improper revalidation of permissions in Nextcloud Server prior to 14.0.0, 13.0.6 and 12.0.11 lead...
High
Unreviewed
CVE-2018-16466
was published
May 13, 2022
An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector...
High
Unreviewed
CVE-2018-8599
was published
May 13, 2022
artswrapper in aRts, when running setuid root on Linux 2.6.0 or later versions, does not check...
Moderate
Unreviewed
CVE-2006-2916
was published
May 1, 2022
Linux distributions using CAP_SYS_NICE for gnome-shell may be exposed to a privilege escalation...
Moderate
Unreviewed
CVE-2021-3982
was published
Apr 30, 2022
Bitlbee does not drop extra group privileges correctly in unix.c
Critical
Unreviewed
CVE-2012-1187
was published
Apr 23, 2022
ktsuss versions 1.4 and prior has the uid set to root and does not drop privileges prior to...
Critical
Unreviewed
CVE-2011-2921
was published
Apr 22, 2022
Improper Privilege Management in Apache Ozone
Critical
CVE-2021-36372
was published
for
org.apache.ozone:ozone-main
(Maven)
Nov 23, 2021
ProTip!
Advisories are also available from the
GraphQL API