Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,205
Erlang
31
GitHub Actions
19
Go
1,988
Maven
5,000+
npm
3,704
NuGet
661
pip
3,330
Pub
11
RubyGems
884
Rust
845
Swift
36
Unreviewed advisories
All unreviewed
5,000+

92 advisories

Loading
Incorrect Default Permissions in Apache DolphinScheduler Moderate
CVE-2020-13922 was published for org.apache.dolphinscheduler:dolphinscheduler-api (Maven) Feb 9, 2022
Incorrect Default Permissions and Improper Access Control in snipe-it Moderate
CVE-2022-0179 was published for snipe/snipe-it (Composer) Jan 21, 2022
Incorrect Default Permissions in log4js Moderate
CVE-2022-21704 was published for log4js (npm) Jan 21, 2022
lamweili ranjit-git
Incorrect Default Permissions in Apache JSPWiki Critical
CVE-2021-44140 was published for org.apache.jspwiki:jspwiki-main (Maven) Nov 29, 2021
coreos-installer < 0.10.0 writes world-readable Ignition config to installed system Moderate
CVE-2021-3917 was published for coreos-installer (Rust) Nov 8, 2021
xlejo
raspap-webgui in RaspAP 2.6.6 allows attackers to execute commands as root because of the insecure sudoers permissions. High
CVE-2021-38557 was published for billz/raspap-webgui (Composer) Sep 2, 2021
Incorrect Default Permissions in Binance tss-lib High
CVE-2020-12118 was published for github.com/binance-chain/tss-lib (Go) Jun 29, 2021
Privilege escalation in rbac High
CVE-2021-22538 was published for github.com/google/exposure-notifications-verification-server (Go) May 21, 2021
Django Incorrect Default Permissions High
CVE-2020-24583 was published for Django (pip) Mar 18, 2021
Django Incorrect Default Permissions High
CVE-2020-24584 was published for django (pip) Mar 18, 2021
sunSUNQ
Improper Authorization in Strapi High
CVE-2020-27665 was published for strapi-plugin-content-type-builder (npm) Oct 29, 2020
Incorrect Default Permissions in keyring High
CVE-2012-5577 was published for keyring (pip) Mar 11, 2020
Incorrect Default Permissions in keyring High
CVE-2012-5578 was published for keyring (pip) Mar 10, 2020
Information disclosure in the Contao backend Moderate
CVE-2019-19712 was published for contao/contao (Composer) Dec 17, 2019
Django allows unintended model editing Moderate
CVE-2019-19118 was published for Django (pip) Dec 4, 2019
sunSUNQ
netaddr before 1.5.3 and 2.0.4 has Incorrect Default Permissions Critical
CVE-2019-17383 was published for netaddr (RubyGems) Oct 14, 2019
stuarthannig
JSNAPy allows unprivileged local users to alter files under the directory High
CVE-2018-0023 was published for jsnapy (pip) Jul 12, 2018
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database