GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,239
Erlang
31
GitHub Actions
21
Go
2,007
Maven
5,000+
npm
3,716
NuGet
662
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
95 advisories
Filter by severity
RKE2 allows privilege escalation in Windows nodes due to Insecure Access Control Lists
Critical
GHSA-x7xj-jvwp-97rv
was published
for
github.com/rancher/rke2
(Go)
Oct 25, 2024
Rancher allows privilege escalation in Windows nodes due to Insecure Access Control Lists
Critical
CVE-2023-32197
was published
for
github.com/rancher/rancher
(Go)
Oct 25, 2024
Improper permission control in the mobile application (com.transsion.aivoiceassistant) can lead...
Critical
Unreviewed
CVE-2024-10018
was published
Oct 16, 2024
Insecure Permissions vulnerability in Ruijie RG-NBS2009G-P RGOS v.10.4(1)P2 Release (9736) allows...
Critical
Unreviewed
CVE-2024-24117
was published
Oct 2, 2024
Improper permission configurationDomain configuration vulnerability of the mobile application ...
Critical
Unreviewed
CVE-2024-8039
was published
Sep 16, 2024
A vulnerability has been identified in SINUMERIK 828D V4 (All versions), SINUMERIK 828D V5 (All...
Critical
Unreviewed
CVE-2024-41171
was published
Sep 10, 2024
Incorrect Permission Assignment for Critical Resource vulnerability in PruvaSoft Informatics...
Critical
Unreviewed
CVE-2024-5618
was published
Jul 18, 2024
Improper permission settings for mobile applications (com.transsion.carlcare) may lead to user...
Critical
Unreviewed
CVE-2024-5163
was published
Jun 17, 2024
A vulnerability has been identified in SIMATIC RTLS Locating Manager (6GT2780-0DA00) (All...
Critical
Unreviewed
CVE-2024-33499
was published
May 14, 2024
Insecure Permissions vulnerability in Guangzhou Yingshi Electronic Technology Co. Ncast Yingshi...
Critical
Unreviewed
CVE-2024-33435
was published
Apr 29, 2024
Incorrect Permission Assignment for Critical Resource vulnerability in Havelsan Inc. Dialogue...
Critical
Unreviewed
CVE-2024-3375
was published
Apr 29, 2024
A privilege escalation vulnerability exists in Rockwell Automation FactoryTalk® Service Platform...
Critical
Unreviewed
CVE-2024-21915
was published
Feb 16, 2024
Incorrect Permission Assignment for Critical Resource vulnerability in multiple products of the...
Critical
Unreviewed
CVE-2023-46141
was published
Dec 14, 2023
Incorrect Permission Assignment for Critical Resource vulnerability in PHOENIX CONTACT MULTIPROG,...
Critical
Unreviewed
CVE-2023-0757
was published
Dec 14, 2023
Client side permission bypass in Devolutions Remote Desktop Manager 2023.3.4.0 and earlier on...
Critical
Unreviewed
CVE-2023-6593
was published
Dec 12, 2023
NETSCOUT nGeniusPULSE 3.8 has Weak File Permissions Vulnerability
Critical
Unreviewed
CVE-2023-40302
was published
Dec 7, 2023
In Forgejo before 1.20.5-1, certain endpoints do not check whether an object belongs to a...
Critical
Unreviewed
CVE-2023-49946
was published
Dec 3, 2023
EisBaer Scada - CWE-732: Incorrect Permission Assignment for Critical Resource
Critical
Unreviewed
CVE-2023-42489
was published
Oct 25, 2023
Request to LDAP is sent before user permissions are checked.
Critical
Unreviewed
CVE-2023-32723
was published
Oct 12, 2023
SAP BusinessObjects Business Intelligence Platform (Promotion Management) - versions 420, 430,...
Critical
Unreviewed
CVE-2023-40622
was published
Sep 13, 2023
Insecure permissions in the configuration directory (/conf/) of OPNsense before 23.7 allow...
Critical
Unreviewed
CVE-2023-39004
was published
Aug 9, 2023
Incorrect Permission Assignment for Critical Resource vulnerability in HYPR Workforce Access on...
Critical
Unreviewed
CVE-2023-0834
was published
Apr 28, 2023
Clash for Windows v0.20.12 was discovered to contain a remote code execution (RCE) vulnerability...
Critical
Unreviewed
CVE-2023-24205
was published
Feb 24, 2023
Code by Zapier before 2022-08-17 allowed intra-account privilege escalation that included...
Critical
Unreviewed
CVE-2022-28802
was published
Sep 22, 2022
Ovarro TBox proprietary Modbus file access functions allow attackers to read, alter, or delete...
Critical
Unreviewed
CVE-2021-22648
was published
Jul 29, 2022
ProTip!
Advisories are also available from the
GraphQL API