Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

508 advisories

Loading
Incorrect Permission Assignment for Critical Resource in Node High Unreviewed
CVE-2021-22921 was published Jul 13, 2021
Insecure inherited permissions in the Intel(R) PROSet/Wireless WiFi software installer for... High Unreviewed
CVE-2021-0064 was published Nov 18, 2021
Adobe Creative Cloud version 5.5 (and earlier) are affected by a privilege escalation... High Unreviewed
CVE-2021-43019 was published Nov 24, 2021
An issue was discovered in Concrete CMS before 8.5.7. The Dashboard allows a user's password to... High Unreviewed
CVE-2021-40101 was published Dec 1, 2021
Sunnet eHRD has broken access control vulnerability, which allows a remote attacker to access... High Unreviewed
CVE-2021-43359 was published Dec 2, 2021
An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. A world writable file... High Unreviewed
CVE-2021-43034 was published Dec 7, 2021
World-writable permissions on the /tmp/tmate/sessions directory in tmate-ssh-server 2.3.0 allow a... High Unreviewed
CVE-2021-44512 was published Dec 8, 2021
In SRAMROM, there is a possible permission bypass due to an insecure permission setting. This... High Unreviewed
CVE-2021-0904 was published Dec 16, 2021
Microsoft SharePoint Server Remote Code Execution Vulnerability This CVE ID is unique from CVE... High Unreviewed
CVE-2021-42309 was published Dec 16, 2021
Mesa Labs AmegaView Versions 3.0 and prior has insecure file permissions that could be exploited... High Unreviewed
CVE-2021-27445 was published Dec 22, 2021
Incorrect permission assignment for critical resource vulnerability in GroupSession Free edition... High Unreviewed
CVE-2021-20874 was published Dec 25, 2021
ColorOS pregrant dangerous permissions to apps which are listed in a whitelist xml named default... High Unreviewed
CVE-2021-23244 was published Dec 28, 2021
An issue was discovered in CALDERA 2.8.1. It does not properly segregate user privileges,... High Unreviewed
CVE-2021-42562 was published Jan 13, 2022
During Zabbix installation from RPM, DAC_OVERRIDE SELinux capability is in use to access PID... High Unreviewed
CVE-2022-23132 was published Jan 14, 2022
Prior to v0.6.1, bored-agent failed to sanitize incoming kubernetes impersonation headers... High Unreviewed
CVE-2022-0270 was published Jan 26, 2022
controller/org.controller/org.controller.js in the CVE Services API 1.1.1 before... High Unreviewed
CVE-2021-46561 was published Feb 8, 2022
Incorrect Permission Assignment for Critical Resource vulnerability in OPC Server for AC 800M... High Unreviewed
CVE-2021-22284 was published Feb 10, 2022
There is an improper security permission configuration vulnerability on ACPU.Successful... High Unreviewed
CVE-2021-39992 was published Feb 11, 2022
Local privilege escalation due to insecure folder permissions. The following products are... High Unreviewed
CVE-2022-0483 was published Feb 12, 2022
RigoBlock Dragos through 2022-02-17 lacks the onlyOwner modifier for setMultipleAllowances. This... High Unreviewed
CVE-2022-25335 was published Feb 19, 2022
A flaw was found in the way samba, as an Active Directory Domain Controller, is able to support... High Unreviewed
CVE-2020-25718 was published Feb 19, 2022
In JetBrains Hub before 2021.1.13890, integration with JetBrains Account exposed an API key with... High Unreviewed
CVE-2022-24327 was published Feb 26, 2022
Incorrect Permission Assignment for Critical Resource vulnerability in the crash handling... High Unreviewed
CVE-2021-4199 was published Mar 8, 2022
It was discovered that the SteelCentral AppInternals Dynamic Sampling Agent (DSA) uses the "... High Unreviewed
CVE-2021-42855 was published Mar 11, 2022
NVIDIA distributions of Jetson Linux contain a vulnerability where an error in the IOMMU... High Unreviewed
CVE-2022-21819 was published Mar 12, 2022
ProTip! Advisories are also available from the GraphQL API