Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
58
GitHub Actions
50
Go
3,799
Maven
5,000+
npm
5,000+
NuGet
938
pip
5,000+
Pub
13
RubyGems
1,059
Rust
1,351
Swift
54
Unreviewed advisories
All unreviewed
5,000+

80 advisories

Loading
Incorrect Permission Assignment for Critical Resource vulnerability in ILM Informatique... Low Unreviewed
CVE-2026-6499 was published May 4, 2026
GNU nano creates the user’s ~/.local directory with overly permissive permissions when the... Low Unreviewed
CVE-2026-40556 was published Apr 28, 2026
uutils coreutils has an Incorrect Permission Assignment for Critical Resource Low
CVE-2026-35367 was published for coreutils (Rust) Apr 22, 2026
A flaw was found in nano. In environments with permissive umask settings, a local attacker can... Low Unreviewed
CVE-2026-6842 was published Apr 22, 2026
--- title: Cross-Tenant Legacy Correlation Disclosure and Deletion draft: false hero: image: ... Low Unreviewed
CVE-2026-21727 was published Apr 15, 2026
OpenClaw: Feishu docx upload_file/upload_image Bypasses Workspace-Only Filesystem Policy (GHSA-qf48-qfv4-jjm9 Incomplete Fix) Low
CVE-2026-41911 was published for openclaw (npm) Apr 9, 2026
Dell PowerProtect Agent Service, version(s) prior to 20.1, contain(s) an Incorrect Permission... Low Unreviewed
CVE-2026-28264 was published Apr 8, 2026
A flaw in Node.js Permission Model filesystem enforcement leaves `fs.realpathSync.native()`... Low Unreviewed
CVE-2026-21715 was published Mar 30, 2026
When a certificate and its private key are installed in the Windows machine certificate store... Low Unreviewed
CVE-2026-4761 was published Mar 25, 2026
Freedombox before 25.17.1 does not set proper permissions for the backups-data directory,... Low Unreviewed
CVE-2025-68462 was published Dec 18, 2025
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP4).... Low Unreviewed
CVE-2025-40818 was published Dec 9, 2025
Dragonfly's directories created via os.MkdirAll are not checked for permissions Low
CVE-2025-59349 was published for d7y.io/dragonfly/v2 (Go) Sep 17, 2025
gaius-qi Credited to gaius-qi
IBM QRadar SIEM 7.5 through 7.5 Update Pack 13 Independent Fix 01 could allow a local privileged... Low Unreviewed
CVE-2025-0164 was published Sep 14, 2025
The Nix, Lix, and Guix package managers fail to properly set permissions when a derivation build... Low Unreviewed
CVE-2025-52992 was published Jun 27, 2025
Fess has Insecure Temporary File Permissions Low
CVE-2025-48382 was published for org.codelibs.fess:fess (Maven) May 27, 2025
simei2k Credited to simei2k and yusuke-koyoshi yusuke-koyoshi yusuke-koyoshi
In the Splunk App for Lookup File Editing versions below 4.0.5, a script in the app used the ... Low Unreviewed
CVE-2025-20233 was published Mar 27, 2025
ECOVACS robot lawnmowers and vacuums insecurely store audio files used to indicate that the... Low Unreviewed
CVE-2024-52328 was published Jan 23, 2025
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Options). ... Low Unreviewed
CVE-2025-21520 was published Jan 21, 2025
SurrealDB has Silent Failure to Overwrite Table Definition of Relation Type Low
GHSA-27vq-hv74-7cqp was published for surrealdb (Rust) Dec 16, 2024
AlbertMarashi Credited to AlbertMarashi
The Vagrant VMWare Utility Windows installer targeted a custom location with a non-protected path... Low Unreviewed
CVE-2024-10228 was published Oct 30, 2024
Incorrect permission assignment for critical resource issue exists in Exment v6.1.4 and earlier... Low Unreviewed
CVE-2024-46897 was published Oct 18, 2024
IBM Aspera Console 3.4.0 through 3.4.4 could allow a remote attacker to obtain sensitive... Low Unreviewed
CVE-2022-43845 was published Sep 25, 2024
RELY-PCIe v22.2.1 to v23.1.0 does not set the Secure attribute for sensitive cookies in HTTPS... Low Unreviewed
CVE-2024-44575 was published Sep 11, 2024
IBM Security Directory Integrator 7.2.0 and IBM Security Verify Directory Integrator 10.0.0 could... Low Unreviewed
CVE-2022-33167 was published Jul 30, 2024
Improper permission control in the mobile application (com.android.server.telecom) may lead to... Low Unreviewed
CVE-2024-6780 was published Jul 16, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database