Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,974
Erlang
29
GitHub Actions
16
Go
1,763
Maven
4,988
npm
3,525
NuGet
615
pip
3,099
Pub
10
RubyGems
834
Rust
785
Swift
34
Unreviewed advisories
All unreviewed
5,000+

360 advisories

Loading
JSNAPy allows unprivileged local users to alter files under the directory Moderate
CVE-2018-0023 was published for jsnapy (pip) Jul 12, 2018
Django allows unintended model editing Moderate
CVE-2019-19118 was published for django (pip) Dec 4, 2019
sunSUNQ
Information disclosure in the Contao backend Moderate
CVE-2019-19712 was published for contao/contao (Composer) Dec 17, 2019
Incorrect Default Permissions in keyring Moderate
CVE-2012-5578 was published for keyring (pip) Mar 10, 2020
coreos-installer < 0.10.0 writes world-readable Ignition config to installed system Moderate
CVE-2021-3917 was published for coreos-installer (Rust) Nov 8, 2021
xlejo
In isRequestPinItemSupported of ShortcutService.java, there is a possible cross-user leak of... Moderate Unreviewed
CVE-2021-0979 was published Dec 16, 2021
PackageManagerService has a Permissions, Privileges, and Access Controls vulnerability ... Moderate Unreviewed
CVE-2021-37132 was published Jan 4, 2022
Incorrect Default Permissions in log4js Moderate
CVE-2022-21704 was published for log4js (npm) Jan 21, 2022
lamweili ranjit-git
Incorrect Default Permissions and Improper Access Control in snipe-it Moderate
CVE-2022-0179 was published for snipe/snipe-it (Composer) Jan 21, 2022
Sourcecodester Hospital's Patient Records Management System 1.0 is vulnerable to Insecure... Moderate Unreviewed
CVE-2022-22296 was published Jan 25, 2022
OneBlog <= 2.2.8 is vulnerable to Insecure Permissions. Low level administrators can delete high... Moderate Unreviewed
CVE-2021-46085 was published Jan 26, 2022
An incorrect default permission vulnerability exists in the cgiserver.cgi cgi_check_ability... Moderate Unreviewed
CVE-2021-40415 was published Jan 29, 2022
Incorrect Default Permissions in Apache DolphinScheduler Moderate
CVE-2020-13922 was published for org.apache.dolphinscheduler:dolphinscheduler (Maven) Feb 9, 2022
Incorrect default permissions for the Intel(R) RXT for Chromebook application, all versions, may... Moderate Unreviewed
CVE-2021-33166 was published Feb 11, 2022
Incorrect default permissions in the firmware for some Intel(R) Processors may allow a privileged... Moderate Unreviewed
CVE-2021-0093 was published Feb 11, 2022
Unprotected component vulnerability in StTheaterModeReceiver in Wear OS 3.0 prior to Firmware... Moderate Unreviewed
CVE-2022-23996 was published Feb 12, 2022
Unprotected component vulnerability in StBedtimeModeAlarmReceiver in Wear OS 3.0 prior to... Moderate Unreviewed
CVE-2022-23995 was published Feb 12, 2022
In Minetest before 5.4.0, players can add or subtract items from a different player's inventory. Moderate Unreviewed
CVE-2022-24301 was published Feb 15, 2022
An incorrect default permissions vulnerability was found in the mig-controller. Due to an... Moderate Unreviewed
CVE-2021-3948 was published Feb 19, 2022
snapd 2.54.2 and earlier created ~/snap directories in user home directories without specifying... Moderate Unreviewed
CVE-2021-3155 was published Feb 19, 2022
There is an improper permission management vulnerability in the Wallet apps. Successful... Moderate Unreviewed
CVE-2021-37103 was published Feb 26, 2022
In JetBrains YouTrack before 2021.4.31698, a custom logo could be set by a user who has read-only... Moderate Unreviewed
CVE-2022-24343 was published Feb 26, 2022
In JetBrains TeamCity before 2021.2, health items of pull requests were shown to users who lacked... Moderate Unreviewed
CVE-2022-24337 was published Feb 26, 2022
User login denial of service in github.com/google/fscrypt Moderate
CVE-2022-25327 was published for github.com/google/fscrypt (Go) Feb 26, 2022
tdunlap607
JFrog Artifactory before 7.31.10, is vulnerable to Broken Access Control where a project admin... Moderate Unreviewed
CVE-2021-46270 was published Mar 3, 2022
ProTip! Advisories are also available from the GraphQL API