GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,239
Erlang
31
GitHub Actions
21
Go
2,007
Maven
5,000+
npm
3,716
NuGet
662
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
1,176 advisories
Filter by severity
Incorrect Permission Assignment for Critical Resource vulnerability in OpenText™ Vertica could...
Moderate
Unreviewed
CVE-2024-6360
was published
Oct 2, 2024
Vault SSH Secrets Engine Configuration Did Not Restrict Valid Principals By Default
High
CVE-2024-7594
was published
for
github.com/hashicorp/vault
(Go)
Sep 26, 2024
IBM Aspera Console 3.4.0 through 3.4.4 could allow a remote attacker to obtain sensitive...
Low
Unreviewed
CVE-2022-43845
was published
Sep 25, 2024
An attacker could write data to the user's clipboard, bypassing the user prompt, during a certain...
High
Unreviewed
CVE-2024-8900
was published
Sep 17, 2024
Improper permission configurationDomain configuration vulnerability of the mobile application ...
Critical
Unreviewed
CVE-2024-8039
was published
Sep 16, 2024
RELY-PCIe v22.2.1 to v23.1.0 does not set the Secure attribute for sensitive cookies in HTTPS...
Low
Unreviewed
CVE-2024-44575
was published
Sep 11, 2024
A vulnerability has been identified in SINUMERIK 828D V4 (All versions), SINUMERIK 828D V5 (All...
Critical
Unreviewed
CVE-2024-41171
was published
Sep 10, 2024
External Secrets Operator vulnerable to privilege escalation
High
CVE-2024-45041
was published
for
github.com/external-secrets/external-secrets
(Go)
Sep 9, 2024
HIGH-LEIT V05.08.01.03 and HIGH-LEIT V04.25.00.00 to 4.25.01.01 for Windows from Vivavis contain...
High
Unreviewed
CVE-2024-38456
was published
Sep 3, 2024
Lax permissions set by the Apache Portable Runtime library on Unix platforms would allow local...
Moderate
Unreviewed
CVE-2023-49582
was published
Aug 26, 2024
IBM App Connect Enterprise Certified Container 5.0, 7.1, 7.2, 8.0, 8.1, 8.2, 9.0, 9.1, 9.2, 10.0,...
Moderate
Unreviewed
CVE-2022-43915
was published
Aug 24, 2024
Froxlor: /etc/pure-ftpd/db/mysql.conf is chmod 644 but contains <SQL_UNPRIVILEGED_PASSWORD>
High
GHSA-34qg-65m4-f23m
was published
for
froxlor/froxlor
(Composer)
Aug 23, 2024
A vulnerability exists in the Rockwell Automation ThinManager® ThinServer that allows a threat...
Moderate
Unreviewed
CVE-2024-7986
was published
Aug 23, 2024
VIPRE Advanced Security Incorrect Permission Assignment Local Privilege Escalation Vulnerability....
High
Unreviewed
CVE-2024-5930
was published
Aug 21, 2024
CVE-2024-7513 IMPACT
A code execution vulnerability exists in the affected product. The...
High
Unreviewed
CVE-2024-7513
was published
Aug 14, 2024
A privilege escalation (PE) vulnerability in the Palo Alto Networks GlobalProtect app on Windows...
Moderate
Unreviewed
CVE-2024-5915
was published
Aug 14, 2024
Insecure inherited permissions in some Intel(R) HID Event Filter software installers before...
Moderate
Unreviewed
CVE-2024-25561
was published
Aug 14, 2024
Insecure inherited permissions in some Flexlm License Daemons for Intel(R) FPGA software before...
Moderate
Unreviewed
CVE-2024-23908
was published
Aug 14, 2024
In Ocean Data Systems Dream Report, an incorrect permission vulnerability could allow a local...
High
Unreviewed
CVE-2024-6619
was published
Aug 13, 2024
Nagios NDOUtils before 2.1.4 allows privilege escalation from nagios to root because certain...
High
Unreviewed
CVE-2024-43199
was published
Aug 7, 2024
Kubean vulnerable to cluster-level privilege escalation
High
CVE-2024-41820
was published
for
github.com/kubean-io/kubean
(Go)
Aug 5, 2024
Incorrect permission assignment for critical resource issue exists in ZWX-2000CSW2-HN firmware...
High
Unreviewed
CVE-2024-41720
was published
Aug 5, 2024
A “CWE-732: Incorrect Permission Assignment for Critical Resource” in the ThermoscanIP...
High
Unreviewed
CVE-2024-31202
was published
Jul 31, 2024
IBM Security Directory Integrator 7.2.0 and IBM Security Verify Directory Integrator 10.0.0 could...
Low
Unreviewed
CVE-2022-33167
was published
Jul 30, 2024
This vulnerability exists in SyroTech SY-GPON-1110-WDONT Router due to missing HTTPOnly flag for...
Moderate
Unreviewed
CVE-2024-41685
was published
Jul 26, 2024
ProTip!
Advisories are also available from the
GraphQL API