Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,838
Erlang
36
GitHub Actions
33
Go
2,460
Maven
5,000+
npm
4,082
NuGet
723
pip
3,873
Pub
12
RubyGems
943
Rust
1,010
Swift
39
Unreviewed advisories
All unreviewed
5,000+

1,338 advisories

Loading
Incorrect Permission Assignment for Critical Resource vulnerability in Tridium Niagara Framework... Moderate Unreviewed
CVE-2025-3936 was published May 22, 2025
Incorrect Permission Assignment for Critical Resource vulnerability in Tridium Niagara Framework... High Unreviewed
CVE-2025-3944 was published May 22, 2025
Insecure permissions in measure-cold-start v1.4.1 allows attackers to escalate privileges and... High Unreviewed
CVE-2025-45471 was published May 22, 2025
Packages downloaded by Checkmk's automatic agent updates on Linux and Solaris have incorrect... Moderate Unreviewed
CVE-2025-32915 was published May 22, 2025
Insecure permissions in fc-stable-diffusion-plus v1.0.18 allows attackers to escalate privileges... High Unreviewed
CVE-2025-45468 was published May 22, 2025
Insecure permissions in autodeploy-layer v1.2.0 allows attackers to escalate privileges and... High Unreviewed
CVE-2025-45472 was published May 22, 2025
A Privilege Escalation vulnerability has been found in ProactivaNet v3.24.0.0 from Grupo Espiral... High Unreviewed
CVE-2025-40672 was published May 26, 2025
For a short time they PTY is set to mode 666, allowing any user on the system to connect to the... Moderate Unreviewed
CVE-2025-46802 was published May 26, 2025
Fess has Insecure Temporary File Permissions Low
CVE-2025-48382 was published for org.codelibs.fess:fess (Maven) May 27, 2025
simei2k yusuke-koyoshi
Netwrix Directory Manager (formerly Imanami GroupID) before and including v.11.0.0.0 and after v... Moderate Unreviewed
CVE-2025-48747 was published May 28, 2025
An improper permission handling vulnerability was reported in Lenovo PC Manager that could allow... Moderate Unreviewed
CVE-2025-2503 was published May 30, 2025
In Universal Forwarder for Windows versions below 9.4.2, 9.3.4, 9.2.6, and 9.1.9, a new... High Unreviewed
CVE-2025-20298 was published Jun 2, 2025
IBM Application Gateway 19.12 through 24.09 could allow a local privileged user to perform... Moderate Unreviewed
CVE-2024-45655 was published Jun 3, 2025
Local privilege escalation due to insecure folder permissions. The following products are... High Unreviewed
CVE-2025-48961 was published Jun 4, 2025
Sangfor aTrust through 2.4.10 allows users to modify the ExecStartPre command. Moderate Unreviewed
CVE-2025-52923 was published Jun 22, 2025
cloud-init through 25.1.2 includes the systemd socket unit cloud-init-hotplugd.socket with... Moderate Unreviewed
CVE-2024-11584 was published Jun 26, 2025
Incorrect Permission Assignment for Critical Resource in the TeamViewer Client (Full and Host) of... High Unreviewed
CVE-2025-36537 was published Jun 26, 2025
Canon EOS Webcam Utility Pro for MAC OS version 2.3d (2.3.29) and earlier contains an improper... Moderate Unreviewed
CVE-2025-5995 was published Jun 26, 2025
The Nix, Lix, and Guix package managers fail to properly set permissions when a derivation build... Low Unreviewed
CVE-2025-52992 was published Jun 27, 2025
Incorrect Permission Assignment for Critical Resource vulnerability in Apache APISIX(java-plugin... High Unreviewed
CVE-2025-27446 was published Jul 6, 2025
Enables an authenticated user (enrolled device) to access a service protected by Sentry even if... Moderate Unreviewed
CVE-2023-39338 was published Jul 12, 2025
IBM Storage Scale 5.2.3.0 and 5.2.3.1 could allow an authenticated user to obtain sensitive... Moderate Unreviewed
CVE-2025-36104 was published Jul 12, 2025
The Marathon UI in DC/OS < 1.9.0 allows unauthenticated users to deploy arbitrary Docker... Critical Unreviewed
CVE-2017-20198 was published Jul 23, 2025
An incorrect default permissions vulnerability exists in the CServerSettings::SetRegistryValues... Critical Unreviewed
CVE-2025-26469 was published Jul 28, 2025
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS... Moderate Unreviewed
CVE-2025-43247 was published Jul 30, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database