GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
425 advisories
CVE-2011-1435 (Moderate, Unreviewed; published May 13, 2022): Google Chrome before 11.0.696.57 does not properly implement the tabs permission for extensions,...
CVE-2017-9505 (Moderate, Unreviewed; published May 13, 2022): Atlassian Confluence starting with 4.3.0 before 6.2.1 did not check if a user had permission to...
CVE-2019-0683 (Moderate, Unreviewed; published May 13, 2022): An elevation of privilege vulnerability exists in Active Directory Forest trusts due to a default...
CVE-2018-14335 (Moderate, Unreviewed; published May 13, 2022): An issue was discovered in H2 1.4.197. Insecure handling of permissions in the backup function...
CVE-2011-4361 (Moderate, Unreviewed; published May 13, 2022): MediaWiki before 1.17.1 does not check for read permission before handling action=ajax requests,...
CVE-2013-4394 (Moderate, Unreviewed; published May 13, 2022): The SetX11Keyboard function in systemd, when PolicyKit Local Authority (PKLA) is used to change...
CVE-2019-3870 (Moderate, Unreviewed; published May 13, 2022): A vulnerability was found in Samba from version (including) 4.9 to versions before 4.9.6 and 4.10...
CVE-2013-4763 (Moderate, Unreviewed; published May 5, 2022): Samsung Galaxy S3/S4 exposes an unprotected component allowing arbitrary SMS text messages...
CVE-2001-0497 (Moderate, Unreviewed; published Apr 30, 2022): dnskeygen in BIND 8.2.4 and earlier, and dnssec-keygen in BIND 9.1.2 and earlier, set insecure...
CVE-2004-1778 (Moderate, Unreviewed; published Apr 29, 2022): Skype 0.92.0.12 and 1.0.0.1 for Linux, and possibly other versions, creates the /usr/share/skype...
CVE-2022-28218 (Moderate, Unreviewed; published Apr 27, 2022): An issue was discovered in CipherMail Webmail Messenger 1.1.1 through 4.1.4. A local attacker...
CVE-2021-3722 (Moderate, Unreviewed; published Apr 23, 2022): A denial of service vulnerability was reported in Lenovo PCManager prior to version 4.0.40.2175...
CVE-2020-14117 (Moderate, Unreviewed; published Apr 22, 2022): An improper permission configuration vulnerability in Xiaomi Content Center APP. This...
CVE-2011-1762 (Moderate, Unreviewed; published Apr 19, 2022): A flaw exists in WordPress related to the 'wp-admin/press-this.php' script improperly checking...
CVE-2022-27840 (Moderate, Unreviewed; published Apr 12, 2022): Improper access control vulnerability in SamsungRecovery prior to version 8.1.43.0 allows local...
CVE-2022-27960 (Moderate, Unreviewed; published Apr 11, 2022): Insecure permissions configured in the user_id parameter at SysUserController.java of OFCMS v1.1...
CVE-2022-27958 (Moderate, Unreviewed; published Apr 11, 2022): Insecure permissions configured in the userid parameter at /user/getuserprofile of FEBS-Security...
CVE-2022-26855 (Moderate, Unreviewed; published Apr 9, 2022): Dell PowerScale OneFS, versions 8.2.x-9.3.0.x, contains an incorrect default permissions...
CVE-2022-22518 (Moderate, Unreviewed; published Apr 8, 2022): A bug in CmpUserMgr component can lead to only partially applied security policies. This can...
CVE-2021-39747 (Moderate, Unreviewed; published Mar 31, 2022): In Settings Provider, there is a possible way to list values of non-readable global settings due...
CVE-2021-39748 (Moderate, Unreviewed; published Mar 31, 2022): In InputMethodEditor, there is a possible way to access some files accessible to Settings due to...
CVE-2021-39770 (Moderate, Unreviewed; published Mar 31, 2022): In Framework, there is a possible disclosure of the device owner package due to a missing...
CVE-2021-39779 (Moderate, Unreviewed; published Mar 31, 2022): In getCallStateUsingPackage of Telecom Service, there is a missing permission check. This could...
CVE-2021-39769 (Moderate, Unreviewed; published Mar 31, 2022): In Device Policy, there is a possible way to determine whether an app is installed, without query...
CVE-2022-22948 (Moderate, Unreviewed; published Mar 30, 2022): The vCenter Server contains an information disclosure vulnerability due to improper permission of...
ProTip! Advisories are also available from the GraphQL API.