Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,838
Erlang
36
GitHub Actions
33
Go
2,460
Maven
5,000+
npm
4,082
NuGet
723
pip
3,872
Pub
12
RubyGems
943
Rust
1,010
Swift
39
Unreviewed advisories
All unreviewed
5,000+

648 advisories

Loading
Below has Incorrect Permission Assignment for Critical Resource High
CVE-2025-27591 was published for below (Rust) Mar 11, 2025
mgerstner
Insufficiently restrictive permissions in Ivanti Secure Access Client before 22.7R4 allows a... High Unreviewed
CVE-2025-22454 was published Mar 11, 2025
There is an untrusted search path vulnerability in Esri ArcGIS Pro 3.3 and 3.4 that may allow a... High Unreviewed
CVE-2025-1067 was published Feb 25, 2025
Insufficient permissions in Ivanti Secure Access Client before version 22.8R1 allows a local... High Unreviewed
CVE-2024-13813 was published Feb 11, 2025
A vulnerability has been identified in SIMATIC IPC DiagBase (All versions), SIMATIC IPC... High Unreviewed
CVE-2025-23403 was published Feb 11, 2025
Under specific conditions, the Central Management Console of the SAP BusinessObjects Business... High Unreviewed
CVE-2025-0064 was published Feb 11, 2025
@tanstack/form-core prototype pollution High
CVE-2024-57068 was published for @tanstack/form-core (npm) Feb 6, 2025
Balastrong
Nedis SmartLife android app v1.4.0 was discovered to contain an API key disclosure vulnerability. High Unreviewed
CVE-2024-34897 was published Feb 3, 2025
An issue was discovered in Akamai Enterprise Application Access (EAA) before 2025-01-17. If an... High Unreviewed
CVE-2025-24527 was published Jan 29, 2025
An Incorrect Permission Assignment Vulnerability exists in the product and version listed above.... High Unreviewed
CVE-2025-24481 was published Jan 28, 2025
Insecure Permissions vulnerability in CMSimple v.5.16 allows a remote attacker to obtain... High Unreviewed
CVE-2024-57547 was published Jan 28, 2025
Develocity (formerly Gradle Enterprise) before 2024.1.8 has Incorrect Access Control. Project... High Unreviewed
CVE-2024-46881 was published Jan 26, 2025
Vulnerability in the Oracle Agile PLM Framework product of Oracle Supply Chain (component: Agile... High Unreviewed
CVE-2025-21564 was published Jan 21, 2025
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). ... High Unreviewed
CVE-2025-21571 was published Jan 21, 2025
Improper permission settings for mobile applications (com.transsion.carlcare) may lead to ... High Unreviewed
CVE-2025-0590 was published Jan 20, 2025
Windows Secure Kernel Mode Elevation of Privilege Vulnerability High Unreviewed
CVE-2025-21325 was published Jan 17, 2025
An authenticated attacker can use this vulnerability to perform a privilege escalation to gain... High Unreviewed
CVE-2024-11497 was published Jan 14, 2025
An issue in the snxpcamd.sys component of SUNIX Multi I/O Card v10.1.0.0 allows attackers to... High Unreviewed
CVE-2024-55411 was published Jan 7, 2025
A flaw was found in the OpenShift build process, where the docker-build container is configured... High Unreviewed
CVE-2024-45497 was published Dec 31, 2024
Insufficient permissions in the TeamViewer Patch & Asset Management component prior to version 24... High Unreviewed
CVE-2024-12363 was published Dec 11, 2024
Insecure permissions in Ivanti Sentry before versions 9.20.2 and 10.0.2 or 10.1.0 allow a local... High Unreviewed
CVE-2024-8540 was published Dec 10, 2024
Insufficient permissions in Ivanti DSM before version 2024.3.5740 allows a local authenticated... High Unreviewed
CVE-2024-7572 was published Dec 10, 2024
Insufficient permissions in Ivanti Patch SDK before version 9.7.703 allows a local authenticated... High Unreviewed
CVE-2024-10256 was published Dec 10, 2024
A local low-level user on the server machine with credentials to the running OAS services can... High Unreviewed
CVE-2024-11220 was published Dec 6, 2024
The GriceMobile com.grice.call application 4.5.2 for Android enables any installed application ... High Unreviewed
CVE-2024-37574 was published Dec 4, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database