Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,838
Erlang
36
GitHub Actions
33
Go
2,460
Maven
5,000+
npm
4,082
NuGet
723
pip
3,872
Pub
12
RubyGems
943
Rust
1,010
Swift
39
Unreviewed advisories
All unreviewed
5,000+

1,337 advisories

Loading
Multiple Incorrect Permission Assignment for Critical Resource in UISP Application may allow a... High Unreviewed
CVE-2025-27216 was published Aug 21, 2025
Improper access control vulnerability in M-Files Aino in versions before 24.10 allowed an... Moderate Unreviewed
CVE-2024-11176 was published Nov 20, 2024
Permission control vulnerability in the distributed clipboard module. Impact: Successful... Moderate Unreviewed
CVE-2025-54618 was published Aug 6, 2025
Firefox for Android allowed a sandboxed iframe without the `allow-downloads` attribute to start... Critical Unreviewed
CVE-2025-8042 was published Aug 19, 2025
IBM Edge Application Manager 4.5 could allow a local user to read or modify resources that they... Moderate Unreviewed
CVE-2025-1139 was published Aug 20, 2025
An issue has been discovered in GitLab CE/EE affecting all versions from 15.7 before 17.11.6, 18... Moderate Unreviewed
CVE-2025-5819 was published Aug 13, 2025
Vault SSH Secrets Engine Configuration Did Not Restrict Valid Principals By Default High
CVE-2024-7594 was published for github.com/hashicorp/vault (Go) Sep 26, 2024
westonsteimel cipherboy
IBM Security Guardium Data Encryption (GDE) 3.0.0.2 specifies permissions for a security-critical... High Unreviewed
CVE-2019-4702 was published May 24, 2022
GPMAW 14, a bioinformatics software, has a critical vulnerability related to insecure file... High Unreviewed
CVE-2025-50675 was published Aug 7, 2025
LiquidFiles before 4.1.2 supports FTP SITE CHMOD for mode 6777 (setuid and setgid), which allows... Critical Unreviewed
CVE-2025-46093 was published Aug 5, 2025
A low-privileged attacker can remotely access the PKI folder of the CODESYS Control runtime... High Unreviewed
CVE-2025-41659 was published Aug 4, 2025
NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager, where it allows a guest... Moderate Unreviewed
CVE-2025-23285 was published Aug 3, 2025
Insecure permissions in LangChain-ChatGLM-Webui commit ef829 allows attackers to arbitrarily view... Critical Unreviewed
CVE-2025-45150 was published Aug 1, 2025
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS... Critical Unreviewed
CVE-2025-43243 was published Jul 30, 2025
Array Networks vAPV (version 8.3.2.17) and vxAG (version 9.2.0.34) appliances are affected by a... Critical Unreviewed
CVE-2014-125121 was published Jul 31, 2025
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS... Moderate Unreviewed
CVE-2025-43266 was published Jul 30, 2025
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS... Moderate Unreviewed
CVE-2025-43247 was published Jul 30, 2025
Exposed IOCTL with Insufficient Access Control in Phoenix WinFlash Driver on Windows allows... High Unreviewed
CVE-2023-35841 was published May 14, 2024
An incorrect default permissions vulnerability exists in the CServerSettings::SetRegistryValues... Critical Unreviewed
CVE-2025-26469 was published Jul 28, 2025
IBM Storage Scale 5.2.3.0 and 5.2.3.1 could allow an authenticated user to obtain sensitive... Moderate Unreviewed
CVE-2025-36104 was published Jul 12, 2025
The Marathon UI in DC/OS < 1.9.0 allows unauthenticated users to deploy arbitrary Docker... Critical Unreviewed
CVE-2017-20198 was published Jul 23, 2025
A flaw was found in the OpenShift build process, where the docker-build container is configured... High Unreviewed
CVE-2024-45497 was published Dec 31, 2024
Enables an authenticated user (enrolled device) to access a service protected by Sentry even if... Moderate Unreviewed
CVE-2023-39338 was published Jul 12, 2025
Incorrect Permission Assignment for Critical Resource vulnerability in Apache APISIX(java-plugin... High Unreviewed
CVE-2025-27446 was published Jul 6, 2025
The Nix, Lix, and Guix package managers fail to properly set permissions when a derivation build... Low Unreviewed
CVE-2025-52992 was published Jun 27, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database