GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,096
Erlang
29
GitHub Actions
19
Go
1,925
Maven
5,000+
npm
3,654
NuGet
638
pip
3,263
Pub
10
RubyGems
873
Rust
823
Swift
35
Unreviewed advisories
All unreviewed
5,000+
560 advisories
Filter by severity
Vault SSH Secrets Engine Configuration Did Not Restrict Valid Principals By Default
High
CVE-2024-7594
was published
for
github.com/hashicorp/vault
(Go)
Sep 26, 2024
External Secrets Operator vulnerable to privilege escalation
High
CVE-2024-45041
was published
for
github.com/external-secrets/external-secrets
(Go)
Sep 9, 2024
HIGH-LEIT V05.08.01.03 and HIGH-LEIT V04.25.00.00 to 4.25.01.01 for Windows from Vivavis contain...
High
Unreviewed
CVE-2024-38456
was published
Sep 3, 2024
Froxlor: /etc/pure-ftpd/db/mysql.conf is chmod 644 but contains <SQL_UNPRIVILEGED_PASSWORD>
High
GHSA-34qg-65m4-f23m
was published
for
froxlor/froxlor
(Composer)
Aug 23, 2024
VIPRE Advanced Security Incorrect Permission Assignment Local Privilege Escalation Vulnerability....
High
Unreviewed
CVE-2024-5930
was published
Aug 21, 2024
CVE-2024-7513 IMPACT
A code execution vulnerability exists in the affected product. The...
High
Unreviewed
CVE-2024-7513
was published
Aug 14, 2024
In Ocean Data Systems Dream Report, an incorrect permission vulnerability could allow a local...
High
Unreviewed
CVE-2024-6619
was published
Aug 13, 2024
Nagios NDOUtils before 2.1.4 allows privilege escalation from nagios to root because certain...
High
Unreviewed
CVE-2024-43199
was published
Aug 7, 2024
Incorrect permission assignment for critical resource issue exists in ZWX-2000CSW2-HN firmware...
High
Unreviewed
CVE-2024-41720
was published
Aug 5, 2024
A “CWE-732: Incorrect Permission Assignment for Critical Resource” in the ThermoscanIP...
High
Unreviewed
CVE-2024-31202
was published
Jul 31, 2024
A privilege escalation vulnerability exists in the affected products which could allow a...
High
Unreviewed
CVE-2024-6435
was published
Jul 16, 2024
Incorrect permissions on the Checkmk Windows Agent's data directory in Checkmk < 2.3.0p8, < 2.2...
High
Unreviewed
CVE-2024-28827
was published
Jul 10, 2024
Insecure permissions in Linksys Velop WiFi 5 (WHW01v1) 1.1.13.202617 allows attackers to escalate...
High
Unreviewed
CVE-2024-36821
was published
Jun 11, 2024
The PowerPack Pro for Elementor plugin for WordPress is vulnerable to privilege escalation in all...
High
Unreviewed
CVE-2024-3668
was published
Jun 8, 2024
A10 Thunder ADC Incorrect Permission Assignment Local Privilege Escalation Vulnerability. This...
High
Unreviewed
CVE-2024-30369
was published
Jun 6, 2024
On Unix systems (Linux, MacOS), Arc uses a temporary file with unsafe privileges.
By tampering...
High
Unreviewed
CVE-2023-5936
was published
May 15, 2024
Exposed IOCTL with Insufficient Access Control in Phoenix WinFlash Driver on Windows allows...
High
Unreviewed
CVE-2023-35841
was published
May 14, 2024
Elevation of privileges via misconfigured access control list in GE HealthCare ultrasound devices
High
Unreviewed
CVE-2024-1486
was published
May 14, 2024
IBM Security Guardium 11.3, 11.4, 11.5, and 12.0 could allow a local user to gain elevated...
High
Unreviewed
CVE-2023-47712
was published
May 14, 2024
Voltronic Power ViewPower Incorrect Permission Assignment Local Privilege Escalation...
High
Unreviewed
CVE-2023-51579
was published
May 3, 2024
LG Simple Editor Incorrect Permission Assignment Local Privilege Escalation Vulnerability. This...
High
Unreviewed
CVE-2023-40516
was published
May 3, 2024
Rancher does not properly specify ApiGroup when creating Kubernetes RBAC resources
High
CVE-2021-25318
was published
for
github.com/rancher/rancher
(Go)
Apr 24, 2024
A local attacker can escalate privileges on affected Check Point ZoneAlarm Extreme Security...
High
Unreviewed
CVE-2024-24910
was published
Apr 18, 2024
Due to improper validation, SAP BusinessObject Business Intelligence Launch Pad allows an...
High
Unreviewed
CVE-2024-25646
was published
Apr 9, 2024
WiX based installers are vulnerable to binary hijack when run as SYSTEM
High
CVE-2024-29187
was published
for
WixToolset.Sdk
(NuGet)
Mar 25, 2024
ProTip!
Advisories are also available from the
GraphQL API