GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,239
Erlang
31
GitHub Actions
21
Go
2,007
Maven
5,000+
npm
3,716
NuGet
662
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
30 advisories
Filter by severity
MLflow's excessive directory permissions allow local privilege escalation
High
CVE-2024-27134
was published
for
mlflow
(pip)
Nov 25, 2024
Kubean vulnerable to cluster-level privilege escalation
High
CVE-2024-41820
was published
for
github.com/kubean-io/kubean
(Go)
Aug 5, 2024
Kubernetes sets incorrect permissions on Windows containers logs
High
CVE-2024-5321
was published
for
k8s.io/kubernetes
(Go)
Jul 18, 2024
Incorrect Default Permissions in Apache DolphinScheduler
High
CVE-2020-13922
was published
for
org.apache.dolphinscheduler:dolphinscheduler-api
(Maven)
Feb 9, 2022
Django allows unintended model editing
High
CVE-2019-19118
was published
for
Django
(pip)
Dec 4, 2019
Restarting a run with revoked script approval allowed by Jenkins Pipeline: Declarative Plugin
High
CVE-2024-52551
was published
for
org.jenkinsci.plugins:pipeline-model-parent
(Maven)
Nov 13, 2024
Incorrect Default Permissions in Supervisor
High
CVE-2017-11610
was published
for
supervisor
(pip)
May 13, 2022
rtslib-fb weak permissions for /etc/target/saveconfig.json file
High
CVE-2020-14019
was published
for
rtslib-fb
(pip)
May 24, 2022
Duplicate Advisory: Apiman has insufficient checks for read permissions
High
GHSA-54r5-wr8x-x5v3
was published
for
io.apiman:apiman-manager-api-rest-impl
(Maven)
Dec 20, 2022
•
withdrawn
OpenStack Manila Unprivileged users can retrieve, use and manipulate share networks
High
CVE-2020-9543
was published
for
manila
(pip)
May 24, 2022
Incorrect Default Permissions in keyring
High
CVE-2012-5578
was published
for
keyring
(pip)
Mar 10, 2020
Incorrect Default Permissions in keyring
High
CVE-2012-5577
was published
for
keyring
(pip)
Mar 11, 2020
JSNAPy allows unprivileged local users to alter files under the directory
High
CVE-2018-0023
was published
for
jsnapy
(pip)
Jul 12, 2018
Django Incorrect Default Permissions
High
CVE-2020-24583
was published
for
Django
(pip)
Mar 18, 2021
Mautic Sensitive Data Exposure due to inadequate user permission settings
High
CVE-2022-25776
was published
for
mautic/core
(Composer)
Apr 12, 2024
Incorrect Default Permissions in Cobbler
High
CVE-2021-45083
was published
for
cobbler
(pip)
Feb 21, 2022
Improper Preservation of Permissions in xxl-job
High
CVE-2024-42681
was published
for
com.xuxueli:xxl-job-core
(Maven)
Aug 15, 2024
Incorrect Default Permissions in Apache Tomcat
High
CVE-2020-8022
was published
for
org.apache.tomcat:tomcat
(Maven)
Feb 9, 2022
•
withdrawn
langchain_experimental Code Execution via Python REPL access
High
CVE-2024-38459
was published
for
langchain-experimental
(pip)
Jun 16, 2024
nfpm has incorrect default permissions
High
CVE-2023-32698
was published
for
github.com/goreleaser/nfpm
(Go)
May 24, 2023
Apache Tomcat may be started without proper security settings
High
CVE-2002-0493
was published
for
org.apache.tomcat:tomcat
(Maven)
Apr 30, 2022
Jenkins temporary plugin file created with insecure permissions
High
CVE-2023-43496
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
Sep 20, 2023
Missing "--allow-net" permission check for built-in Node modules
High
CVE-2023-33966
was published
for
deno
(Rust)
May 31, 2023
Incorrect Default Permissions in Binance tss-lib
High
CVE-2020-12118
was published
for
github.com/binance-chain/tss-lib
(Go)
Jun 29, 2021
Singularity insecure permissions
High
CVE-2019-19724
was published
for
github.com/sylabs/singularity
(Go)
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API