GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,279
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,421
Pub
12
RubyGems
891
Rust
873
Swift
36
Unreviewed advisories
All unreviewed
5,000+
31 advisories
Filter by severity
An issue was discovered in disable_priv_mode in shell.c in GNU Bash through 5.0 patch 11. By...
High
Unreviewed
CVE-2019-18276
was published
May 24, 2022
A flaw was found in the QEMU virtio-fs shared file system daemon (virtiofsd) implementation. This...
High
Unreviewed
CVE-2022-0358
was published
Aug 29, 2022
Linux distributions using CAP_SYS_NICE for gnome-shell may be exposed to a privilege escalation...
Moderate
Unreviewed
CVE-2021-3982
was published
Apr 30, 2022
An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector...
High
Unreviewed
CVE-2018-8599
was published
May 13, 2022
Improper revalidation of permissions in Nextcloud Server prior to 14.0.0, 13.0.6 and 12.0.11 lead...
High
Unreviewed
CVE-2018-16466
was published
May 13, 2022
In Zsh before 5.8, attackers able to execute commands can regain privileges dropped by the --no...
High
Unreviewed
CVE-2019-20044
was published
May 24, 2022
AlienVault USM and OSSIM before 5.3.7 and NfSen before 1.3.8 have an error in privilege dropping...
Critical
Unreviewed
CVE-2017-6972
was published
May 13, 2022
SNMPTT before 1.4.2 allows attackers to execute shell code via EXEC, PREXEC, or unknown_trap_exec.
Critical
Unreviewed
CVE-2020-24361
was published
May 24, 2022
The version of docker as released for Red Hat Enterprise Linux 7 Extras via RHBA-2020:0053...
Moderate
Unreviewed
CVE-2020-14298
was published
May 24, 2022
The docker packages version docker-1.13.1-108.git4ef4b30.el7 as released for Red Hat Enterprise...
Moderate
Unreviewed
CVE-2020-14300
was published
May 24, 2022
libuv before 0.10.34 does not properly drop group privileges, which allows context-dependent...
High
Unreviewed
CVE-2015-0278
was published
May 14, 2022
Moodle does not revoke role capabilities correctly
Moderate
CVE-2019-14879
was published
for
moodle/moodle
(Composer)
May 24, 2022
An issue was discovered in HCC Embedded InterNiche NicheStack through 4.3. The tfshnd():tftpsrv.c...
High
Unreviewed
CVE-2021-36762
was published
May 24, 2022
Apache Superset allows authenticated users to access metadata they have no permission to
Moderate
CVE-2021-37839
was published
for
apache-superset
(pip)
Jul 7, 2022
Before correction, the copy_file_range system call checked only for the CAP_READ and CAP_WRITE...
High
Unreviewed
CVE-2023-5369
was published
Oct 4, 2023
For migration as well as to work around kernels unaware of L1TF (see
XSA-273), PV guests may be...
High
Unreviewed
CVE-2023-34322
was published
Jan 5, 2024
artswrapper in aRts, when running setuid root on Linux 2.6.0 or later versions, does not check...
Moderate
Unreviewed
CVE-2006-2916
was published
May 1, 2022
Improper Privilege Management in Apache Ozone
Critical
CVE-2021-36372
was published
for
org.apache.ozone:ozone-main
(Maven)
Nov 23, 2021
ktsuss versions 1.4 and prior has the uid set to root and does not drop privileges prior to...
Critical
Unreviewed
CVE-2011-2921
was published
Apr 22, 2022
Bitlbee does not drop extra group privileges correctly in unix.c
Critical
Unreviewed
CVE-2012-1187
was published
Apr 23, 2022
An issue was discovered in WatchGuard EPDR 8.0.21.0002. Due to a weak implementation of a...
Moderate
Unreviewed
CVE-2023-26239
was published
Oct 5, 2023
Ignite Realtime Openfire privilege escalation vulnerability
High
CVE-2024-25420
was published
for
org.igniterealtime.openfire:xmppserver
(Maven)
Mar 26, 2024
The vCenter Server contains a privilege escalation vulnerability. A malicious actor with network...
High
Unreviewed
CVE-2024-38813
was published
Sep 17, 2024
Internal browser event interfaces were exposed to web content when privileged EventHandler...
High
Unreviewed
CVE-2024-8382
was published
Sep 3, 2024
In getLocationCache of GeoLocation.java, there is a possible way to send a mock location during...
High
Unreviewed
CVE-2023-35692
was published
Jul 14, 2023
ProTip!
Advisories are also available from the
GraphQL API