Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,780
Erlang
36
GitHub Actions
29
Go
2,338
Maven
5,000+
npm
3,973
NuGet
715
pip
3,769
Pub
12
RubyGems
923
Rust
976
Swift
38
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

411 advisories

Loading
Insufficient policy enforcement in navigations in Google Chrome prior to 81.0.4044.92 allowed a... Moderate Unreviewed
CVE-2020-6439 was published May 24, 2022
Insufficient policy enforcement in omnibox in Google Chrome prior to 81.0.4044.92 allowed a... Moderate Unreviewed
CVE-2020-6441 was published May 24, 2022
Insufficient policy enforcement in full screen in Google Chrome prior to 81.0.4044.92 allowed a... Moderate Unreviewed
CVE-2020-6431 was published May 24, 2022
Improper input validation in Druva inSync Client 6.5.0 allows a local, authenticated attacker to... Moderate Unreviewed
CVE-2019-4001 was published May 24, 2022
Incorrect default permissions in the installer for Intel(R) Graphics Drivers before versions 15... Moderate Unreviewed
CVE-2020-0508 was published May 24, 2022
In setPhonebookAccessPermission of AdapterService.java, there is a possible disclosure of user... Moderate Unreviewed
CVE-2020-0023 was published May 24, 2022
Comment properties in Atlassian Jira Server and Data Center before version 7.13.12, from 8.0.0... Moderate Unreviewed
CVE-2019-20106 was published May 24, 2022
An Incorrect Default Permissions vulnerability in the BDLDaemon component of Bitdefender AV for... Moderate Unreviewed
CVE-2019-17103 was published May 24, 2022
Scanguard through 2019-11-12 on Windows has Insecure Permissions for the installation directory,... Moderate Unreviewed
CVE-2019-18895 was published May 24, 2022
A vulnerability in the HTTP traffic filtering component of Cisco Firepower Threat Defense... Moderate Unreviewed
CVE-2019-1982 was published May 24, 2022
The Symantec SONAR component, prior to 12.0.2, may be susceptible to a tamper protection bypass... Moderate Unreviewed
CVE-2019-12752 was published May 24, 2022
In JetBrains TeamCity before 2019.1.2, a non-destructive operation could be performed by a user... Moderate Unreviewed
CVE-2019-18367 was published May 24, 2022
In JetBrains YouTrack before 2019.2.55152, removing tags from the issues list without the... Moderate Unreviewed
CVE-2019-18369 was published May 24, 2022
In JetBrains TeamCity before 2019.1.2, secure values could be exposed to users with the "View... Moderate Unreviewed
CVE-2019-18366 was published May 24, 2022
An issue was discovered on Mitsubishi Electric ME-RTU devices through 2.02 and INEA ME-RTU... Moderate Unreviewed
CVE-2019-14925 was published May 24, 2022
A vulnerability in the CLI of Cisco TelePresence Collaboration Endpoint (CE) Software could allow... Moderate Unreviewed
CVE-2019-15962 was published May 24, 2022
If a Content Security Policy (CSP) directive is defined that uses a hash-based source that takes... Moderate Unreviewed
CVE-2019-11738 was published May 24, 2022
In Limesurvey before 3.17.14, admin users can run an integrity check without proper permissions. Moderate Unreviewed
CVE-2019-16183 was published May 24, 2022
WTF before 0.19.0 does not set the permissions of config.yml, which might make it easier for... Moderate Unreviewed
CVE-2019-15716 was published May 24, 2022
An Incorrect Default Permissions (CWE-276) vulnerability exists in SoMachine Basic, all versions,... Moderate Unreviewed
CVE-2018-7822 was published May 24, 2022
SGI Tempo, as used on SGI ICE-X systems, uses weak permissions for certain files, which allows... Moderate Unreviewed
CVE-2014-7301 was published May 17, 2022
plymouth-pretrigger.sh in dracut and udev, when running on Fedora 13 and 14, sets weak... Moderate Unreviewed
CVE-2010-4176 was published May 17, 2022
Sourcecodester Simple Social Networking Site v1.0 is vulnerable to file deletion via /sns/classes... Moderate Unreviewed
CVE-2022-30375 was published May 14, 2022
Air Cargo Management System v1.0 is vulnerable to file deletion via /acms/classes/Master.php?f... Moderate Unreviewed
CVE-2022-30367 was published May 14, 2022
A write protection lock bit was left unset after boot on an older generation of Lenovo and IBM... Moderate Unreviewed
CVE-2018-9085 was published May 13, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database