Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,941
Erlang
29
GitHub Actions
16
Go
1,722
Maven
4,952
npm
3,481
NuGet
605
pip
3,049
Pub
10
RubyGems
832
Rust
778
Swift
34
Unreviewed advisories
All unreviewed
5,000+

60 advisories

Privilege escalation by backend users assigned to the default "Publisher" system role Low
CVE-2020-15248 was published for october/backend (Composer) Nov 23, 2020
Privilege Context Switching Error in Elasticsearch Low
CVE-2020-7020 was published for org.elasticsearch:elasticsearch (Maven) Mar 18, 2021
Hashicorp Vault Privilege Escalation Vulnerability Low
CVE-2021-41802 was published for github.com/hashicorp/vault (Go) Oct 12, 2021
An improper usage of implicit intent in SemRewardManager prior to SMR Dec-2021 Release 1 allows... Low Unreviewed
CVE-2021-25515 was published Dec 9, 2021
An improper privilege management vulnerability in Apps Edge application prior to SMR Dec-2021... Low Unreviewed
CVE-2021-25513 was published Dec 9, 2021
In onCreate of PaymentDefaultDialog.java, there is a possible way to change a default payment app... Low Unreviewed
CVE-2021-0992 was published Dec 16, 2021
(Applicable to China models only) Unprotected WifiEvaluationService in TencentWifiSecurity... Low Unreviewed
CVE-2022-22266 was published Jan 11, 2022
Rapid7 Insight Agent, versions prior to 3.1.3, suffer from an improper access control... Low Unreviewed
CVE-2021-4016 was published Jan 22, 2022
Escalation of privileges vulnerability in Micro Focus in Micro Focus Operations Agent, affecting... Low Unreviewed
CVE-2021-38129 was published Jan 26, 2022
gzip before 1.3 in Solaris 8, when called with the -f or -force flags, will change the... Low Unreviewed
CVE-2004-1349 was published Apr 29, 2022
rsync, when running in daemon mode, does not properly call setgroups before dropping privileges,... Low Unreviewed
CVE-2002-0080 was published Apr 30, 2022
The Crypto API in the Linux kernel before 3.18.5 allows local users to load arbitrary kernel... Low Unreviewed
CVE-2014-9644 was published May 13, 2022
The Crypto API in the Linux kernel before 3.18.5 allows local users to load arbitrary kernel... Low Unreviewed
CVE-2013-7421 was published May 13, 2022
Vulnerability in the RDBMS Security component of Oracle Database Server. Supported versions that... Low Unreviewed
CVE-2017-10292 was published May 13, 2022
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.1, 10.5, and 11.1 could... Low Unreviewed
CVE-2017-1150 was published May 13, 2022
Inappropriate implementation in image-burner in Google Chrome OS prior to 59.0.3071.92 allowed a... Low Unreviewed
CVE-2017-5084 was published May 13, 2022
IBM Maximo Asset Management 7.6 could allow a physical user of the system to obtain sensitive... Low Unreviewed
CVE-2019-4048 was published May 24, 2022
IBM Security Information Queue (ISIQ) 1.0.0, 1.0.1, and 1.0.2 allows web pages to be stored... Low Unreviewed
CVE-2019-4218 was published May 24, 2022
IBM Cognos Controller 10.2.0, 10.2.1, 10.3.0, 10.3.1, and 10.4.0 allows web pages to be stored... Low Unreviewed
CVE-2019-4177 was published May 24, 2022
IBM Cognos Controller 10.2.0, 10.2.1, 10.3.0, 10.3.1, and 10.4.0 allows web pages to be stored... Low Unreviewed
CVE-2019-4174 was published May 24, 2022
IBM WebSphere eXtreme Scale 8.6 Admin Console allows web pages to be stored locally which can be... Low Unreviewed
CVE-2019-4112 was published May 24, 2022
Improper directory permissions in Intel(R) PROSet/Wireless WiFi Software before version 21.40 may... Low Unreviewed
CVE-2019-11154 was published May 24, 2022
An issue was discovered in Cyrus IMAP before 2.5.15, 3.0.x before 3.0.13, and 3.1.x through 3.1.8... Low Unreviewed
CVE-2019-19783 was published May 24, 2022
The apt-cacher-ng package of openSUSE Leap 15.1 runs operations in user owned directory /run/apt... Low Unreviewed
CVE-2019-18899 was published May 24, 2022
An issue was discovered in PRTG 7.x through 19.4.53. Due to insufficient access control on local... Low Unreviewed
CVE-2019-19119 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API