Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

89 advisories

Loading
Django Incorrect Default Permissions High
CVE-2020-24584 was published for django (pip) Mar 18, 2021
sunSUNQ
Django allows unintended model editing Moderate
CVE-2019-19118 was published for Django (pip) Dec 4, 2019
sunSUNQ
Django Incorrect Default Permissions High
CVE-2020-24583 was published for Django (pip) Mar 18, 2021
Mautic Sensitive Data Exposure due to inadequate user permission settings High
CVE-2022-25776 was published for mautic/core (Composer) Apr 12, 2024
lenonleite
Incorrect Default Permissions in Cobbler High
CVE-2021-45083 was published for cobbler (pip) Feb 21, 2022
tdunlap607
Incorrect Default Permissions in Apache DolphinScheduler Moderate
CVE-2020-13922 was published for org.apache.dolphinscheduler:dolphinscheduler-api (Maven) Feb 9, 2022
Duplicate Advisory: Keycloak: Leak of configured LDAP bind credentials Low
GHSA-gmrm-8fx4-66x7 was published for org.keycloak:keycloak-core (Maven) Jun 18, 2024 withdrawn
Kubean vulnerable to cluster-level privilege escalation Moderate
CVE-2024-41820 was published for github.com/kubean-io/kubean (Go) Aug 5, 2024
younaman
request_store has Incorrect Default Permissions Moderate
CVE-2024-43791 was published for request_store (RubyGems) Aug 23, 2024
G-Rath
Improper Preservation of Permissions in xxl-job High
CVE-2024-42681 was published for com.xuxueli:xxl-job-core (Maven) Aug 15, 2024
Kubernetes sets incorrect permissions on Windows containers logs Moderate
CVE-2024-5321 was published for k8s.io/kubernetes (Go) Jul 18, 2024
Incorrect Default Permissions in Apache Tomcat High
CVE-2020-8022 was published for org.apache.tomcat:tomcat (Maven) Feb 9, 2022 withdrawn
westonsteimel
langchain_experimental Code Execution via Python REPL access High
CVE-2024-38459 was published for langchain-experimental (pip) Jun 16, 2024
Keycloak leaks configured LDAP bind credentials through the Keycloak admin console Low
CVE-2024-5967 was published for org.keycloak:keycloak-ldap-federation (Maven) Jun 21, 2024
MarkLee131
Kaminari Insecure File Permissions Vulnerability Moderate
CVE-2024-32978 was published for kaminari (RubyGems) May 28, 2024
G-Rath
nfpm has incorrect default permissions High
CVE-2023-32698 was published for github.com/goreleaser/nfpm (Go) May 24, 2023
oCHRISo caarlos0
djgilcrease
Apache Airflow: Incorrect Default Permissions in audit logs for Ops and Viewers users Moderate
CVE-2024-26280 was published for apache-airflow (pip) Mar 1, 2024
oscerd sunSUNQ
OpenStack Manila Unprivileged users can retrieve, use and manipulate share networks High
CVE-2020-9543 was published for manila (pip) May 24, 2022
Dolibarr Stored Cross-site Scripting Moderate
CVE-2020-13240 was published for dolibarr/dolibarr (Composer) May 24, 2022
Drupal Core Access bypass vulnerability Moderate
CVE-2020-13667 was published for drupal/core (Composer) May 24, 2022
Incorrect Default Permissions in Beego Moderate
CVE-2019-16355 was published for github.com/astaxie/beego (Go) May 24, 2022
Information disclosure in the Contao backend Moderate
CVE-2019-19712 was published for contao/contao (Composer) Dec 17, 2019
ROTP 6.2.2 and 6.2.1 has 0666 permissions for the .rb files. Moderate
CVE-2024-28862 was published for rotp (RubyGems) Mar 18, 2024
G-Rath
Apache Tomcat may be started without proper security settings High
CVE-2002-0493 was published for org.apache.tomcat:tomcat (Maven) Apr 30, 2022
Pkg Local Privilege Escalation Moderate
CVE-2024-24828 was published for pkg (npm) Feb 9, 2024
TomiBelan
ProTip! Advisories are also available from the GraphQL API