GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
62 advisories
This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.6.5, macOS...
Moderate | Unreviewed | CVE-2022-22650 was published Mar 19, 2022

In hasNamedWallpaper of WallpaperManagerService.java, there is a possible way to determine...
Moderate | Unreviewed | CVE-2021-1025 was published Dec 16, 2021

In enqueueNotification of NetworkPolicyManagerService.java, there is a possible way to retrieve a...
Moderate | Unreviewed | CVE-2021-0653 was published Dec 16, 2021

In getSigningKeySet of PackageManagerService.java, there is a missing permission check. This...
Moderate | Unreviewed | CVE-2021-1010 was published Dec 16, 2021

The Labeling tool in Titus Classification Suite 18.8.1910.140 allows users to avoid the...
Moderate | Unreviewed | CVE-2021-43708 was published Apr 22, 2022

In updateNotification of BeamTransferManager.java, there is a missing permission check. This...
Moderate | Unreviewed | CVE-2021-0542 was published May 24, 2022

The communication module has a vulnerability of improper permission preservation. Successful...
Moderate | Unreviewed | CVE-2022-31755 was published Jun 14, 2022

Improper validation of permissions for third party application accessing Telephony service API...
Moderate | Unreviewed | CVE-2021-35079 was published Jun 15, 2022

MetaMask before 10.11.3 might allow an attacker to access a user's secret recovery phrase because...
Moderate | Unreviewed | CVE-2022-32969 was published Jun 30, 2022

Inappropriate implementation in permissions in Google Chrome prior to 85.0.4183.83 allowed a...
Moderate | Unreviewed | CVE-2020-6564 was published May 24, 2022

GossipSub 1.1, as used for Ethereum 2.0, allows a peer to maintain a positive score (and thus not...
Moderate | Unreviewed | CVE-2022-47547 was published Dec 19, 2022

In PHP versions 7.2.x below 7.2.28, 7.3.x below 7.3.15 and 7.4.x below 7.4.3, when creating PHAR...
Moderate | Unreviewed | CVE-2020-7063 was published May 24, 2022

In Cacti before 1.2.11, disabling a user account does not immediately invalidate any permissions...
Moderate | Unreviewed | CVE-2020-13230 was published May 24, 2022

In core networking, there is a missing permission check. This could lead to local information...
Moderate | Unreviewed | CVE-2020-0327 was published May 24, 2022

In Android Auto Settings, there is a possible permission bypass due to an unsafe PendingIntent....
Moderate | Unreviewed | CVE-2020-0269 was published May 24, 2022

In Telephony, there are possible leaks of sensitive data due to missing permission checks. This...
Moderate | Unreviewed | CVE-2020-0265 was published May 24, 2022

In Settings, there is a possible permissions bypass. This could lead to local information...
Moderate | Unreviewed | CVE-2020-0331 was published May 24, 2022

Improper permissions in the Intel(R) Data Center Manager Console before version 3.6.2 may allow...
Moderate | Unreviewed | CVE-2020-12353 was published May 24, 2022

When sharing geolocation during an active WebRTC share, Firefox could have reset the webRTC...
Moderate | Unreviewed | CVE-2021-23963 was published May 24, 2022

If certificates that signed grub are installed into db, grub can be booted directly. It will then...
Moderate | Unreviewed | CVE-2021-3418 was published May 24, 2022

A ZTE product has an information leak vulnerability. Due to improper permission settings, an...
Moderate | Unreviewed | CVE-2021-21735 was published May 24, 2022

Huawei LTE USB Dongle products have an improper permission assignment vulnerability. An attacker...
Moderate | Unreviewed | CVE-2021-22382 was published May 24, 2022

Improper preservation of permissions vulnerability in Trellix Endpoint Agent (xAgent) prior to...
Moderate | Unreviewed | CVE-2022-4326 was published Dec 21, 2022

Schroot before 1.6.13 had too permissive rules on chroot or session names, allowing a denial of...
Moderate | Unreviewed | CVE-2022-2787 was published Aug 28, 2022

Improper access control in GitLab CE/EE version 10.5 and above allowed subgroup members with...
Moderate | Unreviewed | CVE-2021-39897 was published May 24, 2022