GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,248
Erlang
31
GitHub Actions
21
Go
2,014
Maven
5,000+
npm
3,721
NuGet
662
pip
3,393
Pub
11
RubyGems
890
Rust
852
Swift
36
Unreviewed advisories
All unreviewed
5,000+
218 advisories
Filter by severity
Missing permission checks on Hazelcast client protocol
High
CVE-2023-45859
was published
for
com.hazelcast:hazelcast
(Maven)
Feb 27, 2024
Re-creating a deleted user in lakeFS will re-enable previous user credentials that existed prior to its deletion
Moderate
CVE-2024-43784
was published
for
github.com/treeverse/lakefs
(Go)
Nov 26, 2024
Rclone has Improper Permission and Ownership Handling on Symlink Targets with --links and --metadata
Moderate
CVE-2024-52522
was published
for
github.com/rclone/rclone
(Go)
Nov 19, 2024
vantage6 vulnerable to Improper Preservation of Permissions
High
CVE-2023-22738
was published
for
vantage6
(pip)
Feb 28, 2023
SpiceDB exclusions can result in no permission returned when permission expected
Moderate
CVE-2024-38361
was published
for
github.com/authzed/spicedb
(Go)
Jun 20, 2024
Potential vulnerabilities have been identified in the HP Display Control software component...
Moderate
Unreviewed
CVE-2024-29080
was published
Jul 19, 2024
Jenkins Bitbucket Branch Source Plugin has incorrect trust policy behavior for pull requests
Moderate
CVE-2024-28152
was published
for
org.jenkins-ci.plugins:cloudbees-bitbucket-branch-source
(Maven)
Mar 6, 2024
Broken Access Control vulnerability in ReviewX.This issue affects ReviewX: from n/a through 1.6...
Moderate
Unreviewed
CVE-2024-33921
was published
May 3, 2024
HCL DevOps Deploy / HCL Launch could be vulnerable to incomplete revocation of permissions when...
Moderate
Unreviewed
CVE-2024-23560
was published
Apr 15, 2024
An issue was discovered in Couchbase Server before 7.2.4. An attacker can bypass SQL++ N1QL cURL...
Moderate
Unreviewed
CVE-2023-49932
was published
Feb 29, 2024
Improper permission handling in the vault offline cache feature in Devolutions Remote Desktop...
Moderate
Unreviewed
CVE-2024-3545
was published
Apr 9, 2024
A permission leak could have occurred from a trusted site to an untrusted site via `embed` or ...
High
Unreviewed
CVE-2024-10458
was published
Oct 29, 2024
Access Control Bypass in Spring Security
Critical
CVE-2023-34034
was published
for
org.springframework.security:spring-security-config
(Maven)
Jul 19, 2023
A cross-origin iframe referencing an XSLT document would inherit the parent domain's permissions ...
High
Unreviewed
CVE-2022-38473
was published
Dec 22, 2022
Permissions bypass in M-Files Connector for Copilot before version 24.9.3 allows authenticated...
Moderate
Unreviewed
CVE-2024-9333
was published
Oct 2, 2024
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS...
Moderate
Unreviewed
CVE-2024-44188
was published
Sep 17, 2024
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS...
Moderate
Unreviewed
CVE-2024-40859
was published
Sep 17, 2024
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS...
High
Unreviewed
CVE-2024-44149
was published
Sep 17, 2024
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS...
High
Unreviewed
CVE-2024-40770
was published
Sep 17, 2024
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS...
Moderate
Unreviewed
CVE-2024-40831
was published
Sep 17, 2024
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS...
Moderate
Unreviewed
CVE-2024-27858
was published
Sep 17, 2024
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS...
High
Unreviewed
CVE-2024-27795
was published
Sep 17, 2024
Podman publishes a malicious image to public registries
High
CVE-2022-1227
was published
for
github.com/containers/podman/v3
(Go)
Apr 30, 2022
SaToken privilege escalation vulnerability
Critical
CVE-2023-44794
was published
for
cn.dev33:sa-token-core
(Maven)
Oct 25, 2023
Ansible Arbitrary File Overwrite Vulnerability
Moderate
CVE-2013-4260
was published
for
ansible
(pip)
May 14, 2022
ProTip!
Advisories are also available from the
GraphQL API