Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

52 advisories

Loading
The CLI 1.0.0 for Amazon AWS OpenSearch has weak permissions for the configuration file. Critical Unreviewed
CVE-2021-44833 was published Dec 13, 2021
Laundry Booking Management System 1.0 (Latest) and previous versions are affected by a remote... Critical Unreviewed
CVE-2021-45003 was published Jan 11, 2022
eliteCMS v1.0 is vulnerable to Insecure Permissions via manage_uploads.php. Critical Unreviewed
CVE-2021-46093 was published Feb 2, 2022
It was discovered, that debian-edu-config, a set of configuration files used for the Debian Edu... Critical Unreviewed
CVE-2021-20001 was published Feb 12, 2022
ims_ex is a vendor system service used to manage VoLTE in unisoc devices?But it does not verify... Critical Unreviewed
CVE-2021-39635 was published Feb 12, 2022
ismsEx service is a vendor service in unisoc equipment?ismsEx service is an extension of sms... Critical Unreviewed
CVE-2021-39658 was published Feb 12, 2022
Multiple Mitsubishi Electric Factory Automation engineering software products have a malicious... Critical Unreviewed
CVE-2020-14521 was published Feb 12, 2022
There is a permission control vulnerability in the Nearby module. Successful exploitation of this... Critical Unreviewed
CVE-2021-40053 was published Mar 11, 2022
An elevation of privilege vulnerability in the Android media framework (mediaanalytics). Product:... Critical Unreviewed
CVE-2017-0847 was published May 13, 2022
During installation of Ambari 2.4.0 through 2.4.2, Ambari Server artifacts are not created with... Critical Unreviewed
CVE-2017-5642 was published May 13, 2022
D-Link DSL-G2452DG HW:T1\\tFW:ME_2.00 was discovered to contain insecure permissions. Critical Unreviewed
CVE-2022-28932 was published May 24, 2022
Kramer VIAware 2.5.0719.1034 has Incorrect Access Control. Critical Unreviewed
CVE-2019-17124 was published May 24, 2022
Dell Wyse ThinOS 8.6 and prior versions contain an insecure default configuration vulnerability.... Critical Unreviewed
CVE-2020-29492 was published May 24, 2022
In Gotenberg through 6.2.1, insecure permissions for tini (writable by user gotenberg)... Critical Unreviewed
CVE-2020-13452 was published May 24, 2022
An issue was discovered in SeTracker2 for TK-Star Q90 Junior GPS horloge 3.1042.9.8656 devices.... Critical Unreviewed
CVE-2019-20468 was published May 24, 2022
Beginning in v1.4.1 and prior to v1.4.9, due to an incomplete fix for CVE-2021-24031, the... Critical Unreviewed
CVE-2021-24032 was published May 24, 2022
In the Zstandard command-line utility prior to v1.4.1, output files were created with default... Critical Unreviewed
CVE-2021-24031 was published May 24, 2022
Incorrect default permissions vulnerability in the API of Netop Vision Pro up to and including 9... Critical Unreviewed
CVE-2021-27193 was published May 24, 2022
Creation of a Temporary Directory with Insecure Permissions in Nagios XI 5.7.5 and earlier allows... Critical Unreviewed
CVE-2020-28910 was published May 24, 2022
There is an Improper Permission Management Vulnerability in Huawei Smartphone. Successful... Critical Unreviewed
CVE-2021-22376 was published May 24, 2022
In SolarWinds DameWare Mini Remote Control Server 12.0.1.200, insecure file permissions allow... Critical Unreviewed
CVE-2021-31217 was published May 24, 2022
An insecure permissions issue was discovered in HMI3 Control Panel in Swisslog Healthcare Nexus... Critical Unreviewed
CVE-2021-37167 was published May 24, 2022
In XeroSecurity Sn1per 9.0 (free version), insecure directory permissions (0777) are set during... Critical Unreviewed
CVE-2021-39274 was published May 24, 2022
Nagios XI before 5.8.5 has Incorrect Permission Assignment for repairmysql.sh. Critical Unreviewed
CVE-2021-36365 was published May 24, 2022
Nagios XI before 5.8.5 has Incorrect Permission Assignment for migrate.php. Critical Unreviewed
CVE-2021-36363 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API