GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,964
Erlang
29
GitHub Actions
16
Go
1,746
Maven
4,974
npm
3,507
NuGet
609
pip
3,071
Pub
10
RubyGems
832
Rust
780
Swift
34
Unreviewed advisories
All unreviewed
5,000+
355 advisories
Filter by severity
Local privilege escalation due to insecure folder permissions. The following products are...
Moderate
Unreviewed
CVE-2024-34012
was published
Jun 14, 2024
An attacker with admin access can install rogue applications. As for the affected products/models...
Moderate
Unreviewed
CVE-2024-27180
was published
Jun 14, 2024
Microsoft Defender Security Feature Bypass Vulnerability
Moderate
Unreviewed
CVE-2024-20671
was published
Mar 12, 2024
Kaminari Insecure File Permissions Vulnerability
Moderate
CVE-2024-32978
was published
for
kaminari
(RubyGems)
May 28, 2024
Incorrect default permissions in some Intel(R) Arc(TM) & Iris(R) Xe Graphics - WHQL - Windows...
Moderate
Unreviewed
CVE-2023-27305
was published
Nov 14, 2023
Incorrect default permissions in some Endurance Gaming Mode software installers before version 1...
Moderate
Unreviewed
CVE-2023-42433
was published
May 16, 2024
Incorrect default permissions in some onboard video driver software before version 1.14 for Intel...
Moderate
Unreviewed
CVE-2023-42668
was published
May 16, 2024
Apache Airflow: Incorrect Default Permissions in audit logs for Ops and Viewers users
Moderate
CVE-2024-26280
was published
for
apache-airflow
(pip)
Mar 1, 2024
A vulnerability was discovered in Samba, where the flaw allows SMB clients to truncate files,...
Moderate
Unreviewed
CVE-2023-4091
was published
Nov 3, 2023
Local privilege escalation due to insecure folder permissions. The following products are...
Moderate
Unreviewed
CVE-2024-34011
was published
Apr 29, 2024
Dolibarr Stored Cross-site Scripting
Moderate
CVE-2020-13240
was published
for
dolibarr/dolibarr
(Composer)
May 24, 2022
Drupal Core Access bypass vulnerability
Moderate
CVE-2020-13667
was published
for
drupal/core
(Composer)
May 24, 2022
Incorrect Default Permissions in Beego
Moderate
CVE-2019-16355
was published
for
github.com/astaxie/beego
(Go)
May 24, 2022
Information disclosure in the Contao backend
Moderate
CVE-2019-19712
was published
for
contao/contao
(Composer)
Dec 17, 2019
In Brocade SANnav before Brocade SANnav v2.31 and v2.3.0a, it was observed that Docker instances...
Moderate
Unreviewed
CVE-2024-29967
was published
Apr 19, 2024
Brocade SANnav OVA before v2.3.1 and v2.3.0a have an insecure file permission setting that makes...
Moderate
Unreviewed
CVE-2024-29962
was published
Apr 19, 2024
An Incorrect Default Permissions vulnerability in Juniper Networks Junos OS and Junos OS Evolved...
Moderate
Unreviewed
CVE-2024-21615
was published
Apr 12, 2024
Improper log permissions in SafeNet Authentication Service Version 3.4.0 on Windows allows an...
Moderate
Unreviewed
CVE-2023-2737
was published
Aug 16, 2023
An incorrect default permission [CWE-276] vulnerability in FortiClient (Windows) versions 7.0.0...
Moderate
Unreviewed
CVE-2022-33877
was published
Jun 13, 2023
A permission issue in BigFix WebUI Insights site version 14 allows an authenticated, unprivileged...
Moderate
Unreviewed
CVE-2023-23344
was published
Jun 23, 2023
A permissions issue was addressed with improved validation. This issue is fixed in macOS Ventura...
Moderate
Unreviewed
CVE-2023-28192
was published
May 8, 2023
A permissions issue was addressed with improved redaction of sensitive information. This issue is...
Moderate
Unreviewed
CVE-2023-34352
was published
Sep 6, 2023
In JetBrains TeamCity before 2019.1.2, a non-destructive operation could be performed by a user...
Moderate
Unreviewed
CVE-2019-18367
was published
May 24, 2022
Default file permissions on South River Technologies' Titan MFT and Titan SFTP servers on Linux...
Moderate
Unreviewed
CVE-2023-45690
was published
Oct 16, 2023
A flaw was found in Red Hat AMQ Broker Operator, where it displayed a password defined in...
Moderate
Unreviewed
CVE-2023-4065
was published
Sep 27, 2023
ProTip!
Advisories are also available from the
GraphQL API