Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,826
Erlang
36
GitHub Actions
32
Go
2,426
Maven
5,000+
npm
4,058
NuGet
723
pip
3,848
Pub
12
RubyGems
934
Rust
1,006
Swift
38
Unreviewed advisories
All unreviewed
5,000+

129 advisories

Loading
operator-sdk: privilege escalation due to incorrect permissions of /etc/passwd Moderate
CVE-2025-7195 was published for github.com/operator-framework/operator-sdk (Go) Aug 7, 2025
filebrowser Sets Insecure File Permissions Moderate
CVE-2025-52900 was published for github.com/filebrowser/filebrowser (Go) Jun 27, 2025
mtausig hacdias
Liferay Portal and Liferay DXP Allows Templates to be Viewed via the UI or API Moderate
CVE-2024-25605 was published for com.liferay.portal:release.dxp.bom (Maven) Feb 20, 2024
melange's world-writable permissions expose SBOM files to potential image tampering Moderate
CVE-2025-54059 was published for chainguard.dev/melange (Go) Jul 18, 2025
markusboehme egibs
codyharris-h2o-ai stevebeattie eslerm
apko is vulnerable to attack through incorrect permissions in /etc/ld.so.cache and other files High
CVE-2025-53945 was published for chainguard.dev/apko (Go) Jul 18, 2025
vishal-chdhry codyharris-h2o-ai
eslerm
Liferay Portal Insecure Default Configuration in auth.login.prompt.enabled Moderate
CVE-2022-41414 was published for com.liferay.portal:com.liferay.portal.impl (Maven) Oct 7, 2022
Liferay Portal and Liferay DXP has incorrect default permissions for site members Moderate
CVE-2021-38268 was published for com.liferay.portal:release.dxp.bom (Maven) Mar 3, 2022
Liferay Portal and Liferay DXP fails to check permissions to view sites/groups Moderate
CVE-2022-26595 was published for com.liferay.portal:com.liferay.portal.impl (Maven) Apr 20, 2022
HashiCorp Vagrant has code injection vulnerability through default synced folders Moderate
CVE-2025-34075 was published for vagrant (RubyGems) Jul 2, 2025
Liferay Portal and Liferay DXP does not properly check user permission Moderate
CVE-2021-33327 was published for com.liferay.portal:release.dxp.bom (Maven) May 24, 2022
Fluent Fluentd and Fluent-ui use default password High
CVE-2020-21514 was published for fluentd-ui (RubyGems) Apr 4, 2023
kenhys
Velociraptor vulnerable to privilege escalation via UpdateConfig artifact Moderate
CVE-2025-6264 was published for www.velocidex.com/golang/velociraptor (Go) Jun 20, 2025
Liferay Portal and Liferay DXP Fails to Check User Permissions for Workflow Submissions Moderate
CVE-2021-33333 was published for com.liferay.portal:release.dxp.bom (Maven) May 24, 2022
Liferay Portal and Liferay DXP Don't Check Permissions of Pages Moderate
CVE-2021-33324 was published for com.liferay.portal:release.dxp.bom (Maven) May 24, 2022
Rancher Webhook is misconfigured during upgrade process Critical
CVE-2023-22651 was published for github.com/rancher/rancher (Go) Apr 24, 2023
pjbgf
Improper Preservation of Permissions in xxl-job High
CVE-2024-42681 was published for com.xuxueli:xxl-job-core (Maven) Aug 15, 2024
AnonySE26
Liferay Portal and Liferay DXP Fails to Properly Check User Permissions Moderate
CVE-2021-33334 was published for com.liferay.portal:release.dxp.bom (Maven) May 24, 2022
Liferay Portal and Liferay DXP Fails to Check Permissions Moderate
CVE-2021-29052 was published for com.liferay.portal:release.dxp.bom (Maven) May 24, 2022
Incorrect Default Permissions in Liferay Portal Moderate
CVE-2022-42130 was published for com.liferay.portal:release.portal.bom (Maven) Nov 15, 2022
Incorrect Default Permissions in Liferay Portal Moderate
CVE-2022-42127 was published for com.liferay.portal:release.portal.bom (Maven) Nov 15, 2022
fal_sftp extension for TYPO3 uses weak permissions for sFTP driver files and folders Moderate
CVE-2014-8327 was published for co-stack/fal_sftp (Composer) May 17, 2022
Withdrawn Advisory: Mobile Security Framework (MobSF) Vulnerable to Insecure Permissions High
CVE-2023-42261 was published for mobsf (pip) Sep 22, 2023 withdrawn
AWS CDK CodePipeline: trusted entities are too broad Low
GHSA-5pq3-h73f-66hr was published for aws-cdk-lib (npm) Mar 24, 2025
snowflake-connector-python vulnerable to insecure cache files permissions Moderate
CVE-2025-24795 was published for snowflake-connector-python (pip) Jan 29, 2025
PipeCD Vulnerable to Privilege Escalation High
CVE-2024-53351 was published for github.com/pipe-cd/pipecd (Go) Mar 21, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database