Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
20
Go
2,000
Maven
5,000+
npm
3,711
NuGet
661
pip
3,383
Pub
11
RubyGems
885
Rust
849
Swift
36
Unreviewed advisories
All unreviewed
5,000+

95 advisories

Loading
RKE2 allows privilege escalation in Windows nodes due to Insecure Access Control Lists Critical
GHSA-x7xj-jvwp-97rv was published for github.com/rancher/rke2 (Go) Oct 25, 2024
Rancher allows privilege escalation in Windows nodes due to Insecure Access Control Lists Critical
CVE-2023-32197 was published for github.com/rancher/rancher (Go) Oct 25, 2024
Improper permission control in the mobile application (com.transsion.aivoiceassistant) can lead... Critical Unreviewed
CVE-2024-10018 was published Oct 16, 2024
Insecure Permissions vulnerability in Ruijie RG-NBS2009G-P RGOS v.10.4(1)P2 Release (9736) allows... Critical Unreviewed
CVE-2024-24117 was published Oct 2, 2024
Improper permission configurationDomain configuration vulnerability of the mobile application ... Critical Unreviewed
CVE-2024-8039 was published Sep 16, 2024
A vulnerability has been identified in SINUMERIK 828D V4 (All versions), SINUMERIK 828D V5 (All... Critical Unreviewed
CVE-2024-41171 was published Sep 10, 2024
Incorrect Permission Assignment for Critical Resource vulnerability in PruvaSoft Informatics... Critical Unreviewed
CVE-2024-5618 was published Jul 18, 2024
Improper permission settings for mobile applications (com.transsion.carlcare) may lead to user... Critical Unreviewed
CVE-2024-5163 was published Jun 17, 2024
A vulnerability has been identified in SIMATIC RTLS Locating Manager (6GT2780-0DA00) (All... Critical Unreviewed
CVE-2024-33499 was published May 14, 2024
Insecure Permissions vulnerability in Guangzhou Yingshi Electronic Technology Co. Ncast Yingshi... Critical Unreviewed
CVE-2024-33435 was published Apr 29, 2024
Incorrect Permission Assignment for Critical Resource vulnerability in Havelsan Inc. Dialogue... Critical Unreviewed
CVE-2024-3375 was published Apr 29, 2024
A privilege escalation vulnerability exists in Rockwell Automation FactoryTalk® Service Platform... Critical Unreviewed
CVE-2024-21915 was published Feb 16, 2024
Incorrect Permission Assignment for Critical Resource vulnerability in multiple products of the... Critical Unreviewed
CVE-2023-46141 was published Dec 14, 2023
Incorrect Permission Assignment for Critical Resource vulnerability in PHOENIX CONTACT MULTIPROG,... Critical Unreviewed
CVE-2023-0757 was published Dec 14, 2023
Client side permission bypass in Devolutions Remote Desktop Manager 2023.3.4.0 and earlier on... Critical Unreviewed
CVE-2023-6593 was published Dec 12, 2023
NETSCOUT nGeniusPULSE 3.8 has Weak File Permissions Vulnerability Critical Unreviewed
CVE-2023-40302 was published Dec 7, 2023
In Forgejo before 1.20.5-1, certain endpoints do not check whether an object belongs to a... Critical Unreviewed
CVE-2023-49946 was published Dec 3, 2023
EisBaer Scada - CWE-732: Incorrect Permission Assignment for Critical Resource Critical Unreviewed
CVE-2023-42489 was published Oct 25, 2023
Request to LDAP is sent before user permissions are checked. Critical Unreviewed
CVE-2023-32723 was published Oct 12, 2023
SAP BusinessObjects Business Intelligence Platform (Promotion Management) - versions 420, 430,... Critical Unreviewed
CVE-2023-40622 was published Sep 13, 2023
Insecure permissions in the configuration directory (/conf/) of OPNsense before 23.7 allow... Critical Unreviewed
CVE-2023-39004 was published Aug 9, 2023
Incorrect Permission Assignment for Critical Resource vulnerability in HYPR Workforce Access on... Critical Unreviewed
CVE-2023-0834 was published Apr 28, 2023
Clash for Windows v0.20.12 was discovered to contain a remote code execution (RCE) vulnerability... Critical Unreviewed
CVE-2023-24205 was published Feb 24, 2023
Code by Zapier before 2022-08-17 allowed intra-account privilege escalation that included... Critical Unreviewed
CVE-2022-28802 was published Sep 22, 2022
Ovarro TBox proprietary Modbus file access functions allow attackers to read, alter, or delete... Critical Unreviewed
CVE-2021-22648 was published Jul 29, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database