Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,717
Maven
5,000+
npm
4,328
NuGet
761
pip
4,105
Pub
12
RubyGems
958
Rust
1,065
Swift
45
Unreviewed advisories
All unreviewed
5,000+

1,380 advisories

Loading
An issue in Shirt Pocket's SuperDuper! 3.10 and earlier allow a local attacker to modify the... High Unreviewed
CVE-2025-61229 was published Dec 1, 2025
ROTP 6.2.2 and 6.2.1 has 0666 permissions for the .rb files. Moderate
CVE-2024-28862 was published for rotp (RubyGems) Mar 18, 2024
G-Rath
Credited to G-Rath
operator-sdk: privilege escalation due to incorrect permissions of /etc/passwd Moderate
CVE-2025-7195 was published for github.com/operator-framework/operator-sdk (Go) Aug 7, 2025
A container privilege escalation flaw was found in certain CodeReady Workspaces images. This... Moderate Unreviewed
CVE-2025-57850 was published Dec 2, 2025
KubeVirt Excessive Role Permissions Could Enable Unauthorized VMI Migrations Between Nodes Moderate
CVE-2025-64436 was published for kubevirt.io/kubevirt (Go) Nov 6, 2025
mihailkirov Faeris95
xpivarc
Credited to mihailkirov, Faeris95, and xpivarc
Mattermost allows other users to determine when users had read channels via channel member objects Low
CVE-2025-55074 was published for github.com/mattermost/mattermost-server (Go) Nov 18, 2025
The Mozilla Maintenance Service "helper.exe" application creates a temporary directory writable... Moderate Unreviewed
CVE-2017-7761 was published May 13, 2022
Incorrect default permissions issue exists in Security Point (Windows) of MaLion prior to Ver.5.3... Moderate Unreviewed
CVE-2025-59485 was published Nov 25, 2025
The installation directory of LogStare Collector is configured with incorrect access permissions.... Moderate Unreviewed
CVE-2025-58097 was published Nov 21, 2025
Incorrect boundary conditions in the Graphics: WebGPU component. This vulnerability affects... High Unreviewed
CVE-2025-13025 was published Nov 11, 2025
AudioCodes Fax Server and Auto-Attendant IVR appliances versions up to and including 2.6.23... High Unreviewed
CVE-2025-34333 was published Nov 19, 2025
AudioCodes Fax Server and Auto-Attendant IVR appliances versions up to and including 2.6.23... High Unreviewed
CVE-2025-34332 was published Nov 19, 2025
XWiki AdminTools application doesn't set permissions on the AdminTools space Moderate
CVE-2025-54990 was published for com.xwiki.admintools:application-admintools (Maven) Nov 18, 2025
The Mac App Store distribution of the Canva for Mac desktop app before 1.117.1 was built without... Low Unreviewed
CVE-2025-12792 was published Nov 18, 2025
A flaw was found in libvirt. External inactive snapshots for shut-down VMs are incorrectly... Moderate Unreviewed
CVE-2025-13193 was published Nov 17, 2025
A use after free issue was addressed with improved memory management. This issue is fixed in... High Unreviewed
CVE-2025-24085 was published Jan 28, 2025
An improper default permission vulnerability was reported in Lenovo Dock Manager that, under... Moderate Unreviewed
CVE-2025-8421 was published Nov 12, 2025
An improper permissions vulnerability was reported in Lenovo App Store that could allow a local... High Unreviewed
CVE-2025-8485 was published Nov 12, 2025
CWE-276: Incorrect Default Permissions vulnerability exists that could cause elevated system... High Unreviewed
CVE-2025-11567 was published Nov 12, 2025
Incorrect default permissions in some firmware for the Intel(R) Arc(TM) B-series GPUs within Ring... High Unreviewed
CVE-2025-32091 was published Nov 11, 2025
Incorrect default permissions for some Intel(R) Thread Director Visualizer software before... Moderate Unreviewed
CVE-2025-31940 was published Nov 11, 2025
Incorrect default permissions for some Intel(R) One Boot Flash Update (Intel(R) OFU) software... Moderate Unreviewed
CVE-2025-27711 was published Nov 11, 2025
Incorrect default permissions for the Intel(R) Processor Identification Utility before version 8... Moderate Unreviewed
CVE-2025-27246 was published Nov 11, 2025
Incorrect default permissions for some Intel(R) PresentMon before version 2.3.1 within Ring 3:... Moderate Unreviewed
CVE-2025-30518 was published Nov 11, 2025
Insecure default permissions in the agent of Ivanti Endpoint Manager before version 2024 SU4... High Unreviewed
CVE-2025-10918 was published Nov 11, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database