GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
369 advisories
It was found that rhnsd PID files are created as world-writable that allows local attackers to...
Moderate, Unreviewed. CVE-2017-7560 was published May 13, 2022.

In the open build service before 201707022 the wipetrigger and rebuild actions checked the wrong...
Moderate, Unreviewed. CVE-2017-9268 was published May 13, 2022.

A vulnerability in the CLI of Cisco Policy Suite could allow an authenticated, local attacker to...
Moderate, Unreviewed. CVE-2018-0392 was published May 13, 2022.

openSUSE openbuildservice before 9.2.4 allowed authenticated users to delete packages on specific...
Moderate, Unreviewed. CVE-2018-12466 was published May 13, 2022.

Authorized users of the openbuildservice before 2.9.4 could delete packages by using a malicious...
Moderate, Unreviewed. CVE-2018-12467 was published May 13, 2022.

It was discovered that sos-collector does not properly set the default permissions of newly...
Moderate, Unreviewed. CVE-2018-14650 was published May 13, 2022.

On Honeywell Mobile Computers (CT60 running Android OS 7.1, CN80 running Android OS 7.1, CT40...
Moderate, Unreviewed. CVE-2018-14825 was published May 13, 2022.

setup before version 2.11.4-1.fc28 in Fedora and Red Hat Enterprise Linux added /sbin/nologin and...
Moderate, Unreviewed. CVE-2018-1113 was published May 13, 2022.

IBM Security Guardium Big Data Intelligence (SonarG) 3.1 specifies permissions for a security...
Moderate, Unreviewed. CVE-2018-1370 was published May 13, 2022.

IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 resets access control settings to the out of the box...
Moderate, Unreviewed. CVE-2018-1420 was published May 13, 2022.

IBM Spectrum LSF 9.1.1 9.1.2, 9.1.3, and 10.1 could allow a local user to change their job user...
Moderate, Unreviewed. CVE-2018-1724 was published May 13, 2022.

The web interface in McAfee Email Gateway (formerly IronMail) 6.7.1 allows remote authenticated...
Moderate, Unreviewed. CVE-2010-2116 was published May 13, 2022.

onefilecms.php in OneFileCMS through 2017-10-08 might allow attackers to delete arbitrary files...
Moderate, Unreviewed. CVE-2018-13122 was published May 13, 2022.

IBM Tivoli Storage Manager (IBM Spectrum Protect 8.1.7) could allow a user to restore files and...
Moderate, Unreviewed. CVE-2019-4093 was published May 13, 2022.

An information disclosure vulnerability exists in the way Azure WaLinuxAgent creates swap files...
Moderate, Unreviewed. CVE-2019-0804 was published May 13, 2022.

An information disclosure vulnerability exists when the Microsoft Exchange PowerShell API grants...
Moderate, Unreviewed. CVE-2019-0588 was published May 13, 2022.

Improper file permissions for Intel(R) Data Center Manager SDK before version 5.0.2 may allow an...
Moderate, Unreviewed. CVE-2019-0108 was published May 13, 2022.

Improper file permissions for Intel(R) Data Center Manager SDK before version 5.0.2 may allow an...
Moderate, Unreviewed. CVE-2019-0111 was published May 13, 2022.

A permissions issue existed in which execute permission was incorrectly granted. This issue was...
Moderate, Unreviewed. CVE-2018-4178 was published May 13, 2022.

The Spotfire Library component of TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS...
Moderate, Unreviewed. CVE-2018-18812 was published May 13, 2022.

WebExtension content scripts can be loaded into about: pages in some circumstances, in violation...
Moderate, Unreviewed. CVE-2018-18495 was published May 13, 2022.

IBM Spectrum Protect 7.1 and 8.1 is affected by a password exposure vulnerability caused by...
Moderate, Unreviewed. CVE-2018-1787 was published May 13, 2022.

Lack of proper state tracking in Permissions in Google Chrome prior to 69.0.3497.81 allowed a...
Moderate, Unreviewed. CVE-2018-16087 was published May 13, 2022.

Dell OpenManage Network Manager versions prior to 6.5.0 enabled read/write access to the file...
Moderate, Unreviewed. CVE-2018-15768 was published May 13, 2022.

AccuPOS 2017.8 is installed with the insecure "Authenticated Users: Modify" permission for files...
Moderate, Unreviewed. CVE-2018-15809 was published May 13, 2022.