Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,010
Erlang
29
GitHub Actions
16
Go
1,802
Maven
5,000+
npm
3,551
NuGet
629
pip
3,145
Pub
10
RubyGems
847
Rust
796
Swift
34
Unreviewed advisories
All unreviewed
5,000+

363 advisories

Loading
Incorrect Default Permissions in keyring Moderate
CVE-2012-5578 was published for keyring (pip) Mar 10, 2020
JSNAPy allows unprivileged local users to alter files under the directory Moderate
CVE-2018-0023 was published for jsnapy (pip) Jul 12, 2018
There is a permission control vulnerability in the Wi-Fi module. Successful exploitation of this... Moderate Unreviewed
CVE-2021-40059 was published Mar 11, 2022
Northern.tech CFEngine Enterprise before 3.15.5 and 3.18.x before 3.18.1 has Insecure Permissions... Moderate Unreviewed
CVE-2021-44216 was published Mar 11, 2022
Northern.tech CFEngine Enterprise 3.15.4 before 3.15.5 has Insecure Permissions that may allow... Moderate Unreviewed
CVE-2021-44215 was published Mar 11, 2022
This issue affects: Secomea GateManager Version 9.6.621421014 and all prior versions. Permission... Moderate Unreviewed
CVE-2021-32006 was published Mar 11, 2022
In getNotificationTag of LegacyVoicemailNotifier.java, there is a possible leak of ICCID due to a... Moderate Unreviewed
CVE-2021-39705 was published Mar 17, 2022
In Click Studios (SA) Pty Ltd Passwordstate 9435, users with access to a passwordlist can gain... Moderate Unreviewed
CVE-2022-25570 was published Mar 22, 2022
A local attacker could read files from some other users' SA360 reports stored in the /tmp folder... Moderate Unreviewed
CVE-2021-22571 was published Mar 19, 2022
A vulnerability affecting F-Secure SAFE browser was discovered. A maliciously crafted website... Moderate Unreviewed
CVE-2021-44751 was published Mar 26, 2022
The vCenter Server contains an information disclosure vulnerability due to improper permission of... Moderate Unreviewed
CVE-2022-22948 was published Mar 30, 2022
In getCallStateUsingPackage of Telecom Service, there is a missing permission check. This could... Moderate Unreviewed
CVE-2021-39779 was published Mar 31, 2022
In Framework, there is a possible disclosure of the device owner package due to a missing... Moderate Unreviewed
CVE-2021-39770 was published Mar 31, 2022
In Device Policy, there is a possible way to determine whether an app is installed, without query... Moderate Unreviewed
CVE-2021-39769 was published Mar 31, 2022
In Settings Provider, there is a possible way to list values of non-readable global settings due... Moderate Unreviewed
CVE-2021-39747 was published Mar 31, 2022
In InputMethodEditor, there is a possible way to access some files accessible to Settings due to... Moderate Unreviewed
CVE-2021-39748 was published Mar 31, 2022
Insecure permissions configured in the userid parameter at /user/getuserprofile of FEBS-Security... Moderate Unreviewed
CVE-2022-27958 was published Apr 11, 2022
A bug in CmpUserMgr component can lead to only partially applied security policies. This can... Moderate Unreviewed
CVE-2022-22518 was published Apr 8, 2022
Dell PowerScale OneFS, versions 8.2.x-9.3.0.x, contains an incorrect default permissions... Moderate Unreviewed
CVE-2022-26855 was published Apr 9, 2022
Insecure permissions configured in the user_id parameter at SysUserController.java of OFCMS v1.1... Moderate Unreviewed
CVE-2022-27960 was published Apr 11, 2022
Improper access control vulnerability in SamsungRecovery prior to version 8.1.43.0 allows local... Moderate Unreviewed
CVE-2022-27840 was published Apr 12, 2022
Liferay Portal 7.3.7, 7.4.0, and 7.4.1, and Liferay DXP 7.2 fix pack 13, and 7.3 fix pack 2 does... Moderate Unreviewed
CVE-2022-26595 was published Apr 20, 2022
A flaw exists in Wordpress related to the 'wp-admin/press-this.php 'script improperly checking... Moderate Unreviewed
CVE-2011-1762 was published Apr 19, 2022
Incorrect Default Permissions in CRI-O Moderate
CVE-2022-27652 was published for github.com/cri-o/cri-o (Go) Apr 22, 2022
AndrewGMorgan
A denial of service vulnerability was reported in Lenovo PCManager prior to version 4.0.40.2175... Moderate Unreviewed
CVE-2021-3722 was published Apr 23, 2022
ProTip! Advisories are also available from the GraphQL API