Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,715
Erlang
34
GitHub Actions
28
Go
2,302
Maven
5,000+
npm
3,946
NuGet
711
pip
3,716
Pub
12
RubyGems
920
Rust
964
Swift
38
Unreviewed advisories
All unreviewed
5,000+

472 advisories

Loading
Dell Grab for Windows, versions up to and including 5.0.4, contain Weak Application Folder... Moderate Unreviewed
CVE-2024-25958 was published Mar 26, 2024
An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. The... Moderate Unreviewed
CVE-2024-22085 was published Mar 20, 2024
Insecure permissions for log files of AVSystem Unified Management Platform (UMP) 23.07.0.16567... Moderate Unreviewed
CVE-2024-25654 was published Mar 18, 2024
ROTP 6.2.2 and 6.2.1 has 0666 permissions for the .rb files. Moderate
CVE-2024-28862 was published for rotp (RubyGems) Mar 18, 2024
G-Rath
BMC Control-M branches 9.0.20 and 9.0.21 upon user login load all Dynamic Link Libraries (DLL) ... Moderate Unreviewed
CVE-2024-1605 was published Mar 18, 2024
Incorrect default permissions in some Intel(R) CSME installer software before version 2328.5.5.0... Moderate Unreviewed
CVE-2023-28389 was published Mar 14, 2024
Microsoft Defender Security Feature Bypass Vulnerability Moderate Unreviewed
CVE-2024-20671 was published Mar 12, 2024
A permissions issue was addressed to help ensure Personas are always protected This issue is... Moderate Unreviewed
CVE-2024-23295 was published Mar 8, 2024
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS... Moderate Unreviewed
CVE-2024-23201 was published Mar 8, 2024
Phone information disclosure vulnerability Moderate
CVE-2024-22889 was published for Plone (pip) Mar 6, 2024
Improper Handling of Insufficient Privileges in Samsung Account prior to version 14.8.00.3 allows... Moderate Unreviewed
CVE-2024-20841 was published Mar 5, 2024
Incorrect default permission in AppLock prior to SMR MAr-2024 Release 1 allows local attackers to... Moderate Unreviewed
CVE-2024-20830 was published Mar 5, 2024
Apache Airflow: Incorrect Default Permissions in audit logs for Ops and Viewers users Moderate
CVE-2024-26280 was published for apache-airflow (pip) Mar 1, 2024
oscerd sunSUNQ
A vulnerability in the web-based management interface of ClearPass Policy Manager could allow a... Moderate Unreviewed
CVE-2024-26302 was published Feb 28, 2024
Sensitive information disclosure due to insecure folder permissions. The following products are... Moderate Unreviewed
CVE-2023-48678 was published Feb 27, 2024
A permissions issue was addressed with additional restrictions. This issue is fixed in tvOS 17.1,... Moderate Unreviewed
CVE-2023-42953 was published Feb 21, 2024
The Journal module in Liferay Portal 7.2.0 through 7.4.3.4, and older unsupported versions, and... Moderate Unreviewed
CVE-2024-25605 was published Feb 20, 2024
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition... Moderate Unreviewed
CVE-2024-20921 was published Feb 17, 2024
An insecure default to allow UEFI Shell in EDK2 was left enabled in LXD. This allows an OS... Moderate Unreviewed
CVE-2023-49721 was published Feb 15, 2024
Pkg Local Privilege Escalation Moderate
CVE-2024-24828 was published for pkg (npm) Feb 9, 2024
TomiBelan
Dell PowerScale OneFS versions 8.2.x through 9.6.0.x contains an incorrect default permissions... Moderate Unreviewed
CVE-2024-22430 was published Feb 1, 2024
A vulnerability has been reported in Suite Setups built with versions prior to InstallShield 2023... Moderate Unreviewed
CVE-2023-29081 was published Jan 26, 2024
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Ignazio Scimone Albo... Moderate Unreviewed
CVE-2024-22301 was published Jan 24, 2024
Ubuntu's pipewire-pulse in snap grants microphone access even when the snap interface for audio... Moderate Unreviewed
CVE-2022-4964 was published Jan 24, 2024
A vulnerability, which was classified as critical, was found in European Chemicals Agency IUCLID... Moderate Unreviewed
CVE-2024-0770 was published Jan 22, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database