GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,683
Erlang
29
GitHub Actions
16
Go
1,708
Maven
4,944
npm
3,473
NuGet
603
pip
2,995
Pub
10
RubyGems
826
Rust
773
Swift
34
Unreviewed advisories
All unreviewed
5,000+
832 advisories
Filter by severity
Incorrect default permissions in some Intel(R) Arc(TM) & Iris(R) Xe Graphics - WHQL - Windows...
Moderate
Unreviewed
CVE-2023-27305
was published
Nov 14, 2023
nfpm has incorrect default permissions
High
CVE-2023-32698
was published
for
github.com/goreleaser/nfpm
(Go)
May 24, 2023
Incorrect default permissions in some Endurance Gaming Mode software installers before version 1...
Moderate
Unreviewed
CVE-2023-42433
was published
May 16, 2024
Incorrect default permissions in some Intel(R) GPA software installers before version 2023.3 may...
High
Unreviewed
CVE-2023-43629
was published
May 16, 2024
Incorrect default permissions in some onboard video driver software before version 1.14 for Intel...
Moderate
Unreviewed
CVE-2023-42668
was published
May 16, 2024
Incorrect default permissions in some Intel(R) GPA software installers before version 2023.3 may...
High
Unreviewed
CVE-2023-24460
was published
May 16, 2024
On Windows a directory returned by tempfile.mkdtemp() would not always have permissions set to...
Unknown
Unreviewed
CVE-2024-4030
was published
May 7, 2024
Apache Airflow: Incorrect Default Permissions in audit logs for Ops and Viewers users
Moderate
CVE-2024-26280
was published
for
apache-airflow
(pip)
Mar 1, 2024
A vulnerability was discovered in Samba, where the flaw allows SMB clients to truncate files,...
Moderate
Unreviewed
CVE-2023-4091
was published
Nov 3, 2023
Local privilege escalation due to insecure folder permissions. The following products are...
Moderate
Unreviewed
CVE-2024-34011
was published
Apr 29, 2024
OpenStack Manila Unprivileged users can retrieve, use and manipulate share networks
High
CVE-2020-9543
was published
for
manila
(pip)
May 24, 2022
Dolibarr Stored Cross-site Scripting
Moderate
CVE-2020-13240
was published
for
dolibarr/dolibarr
(Composer)
May 24, 2022
Incorrect Default Permissions vulnerability in Metagauss RegistrationMagic allows Accessing...
High
Unreviewed
CVE-2023-23976
was published
Apr 24, 2024
Drupal Core Access bypass vulnerability
Moderate
CVE-2020-13667
was published
for
drupal/core
(Composer)
May 24, 2022
Incorrect Default Permissions in Beego
Moderate
CVE-2019-16355
was published
for
github.com/astaxie/beego
(Go)
May 24, 2022
Information disclosure in the Contao backend
Moderate
CVE-2019-19712
was published
for
contao/contao
(Composer)
Dec 17, 2019
The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the...
High
Unreviewed
CVE-2020-12695
was published
May 24, 2022
In Brocade SANnav before Brocade SANnav v2.31 and v2.3.0a, it was observed that Docker instances...
Moderate
Unreviewed
CVE-2024-29967
was published
Apr 19, 2024
Brocade SANnav OVA before v2.3.1 and v2.3.0a have an insecure file permission setting that makes...
Moderate
Unreviewed
CVE-2024-29962
was published
Apr 19, 2024
An Incorrect Default Permissions vulnerability in Juniper Networks Junos OS and Junos OS Evolved...
Moderate
Unreviewed
CVE-2024-21615
was published
Apr 12, 2024
An issue discovered in Obsidian Canvas 1.1.9 allows remote attackers to send desktop...
High
Unreviewed
CVE-2023-27035
was published
May 2, 2023
In Nokia One-NDS (aka Network Directory Server) through 20.9, some Sudo permissions can be...
High
Unreviewed
CVE-2022-30759
was published
May 2, 2023
Improper log permissions in SafeNet Authentication Service Version 3.4.0 on Windows allows an...
Moderate
Unreviewed
CVE-2023-2737
was published
Aug 16, 2023
A valid XCC user's local account permissions overrides their active directory permissions under...
High
Unreviewed
CVE-2023-29057
was published
Jul 6, 2023
An incorrect default permission [CWE-276] vulnerability in FortiClient (Windows) versions 7.0.0...
Moderate
Unreviewed
CVE-2022-33877
was published
Jun 13, 2023
ProTip!
Advisories are also available from the
GraphQL API