GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
1,396 advisories
CWE-276: Incorrect Default Permissions vulnerability exists that could cause privilege...
High | Unreviewed | CVE-2025-13905 was published Jan 29, 2026
AutoGPT is Vulnerable to RCE via Disabled Block Execution
High | CVE-2026-24780 was published for agpt (pip) Jan 29, 2026
Local privilege escalation due to insecure folder permissions. The following products are...
Moderate | Unreviewed | CVE-2026-0705 was published Jan 27, 2026
Improper permissions in the handler for the Custom URL Scheme in ToDesktop Builder v0.33.0 allows...
High | Unreviewed | CVE-2025-67230 was published Jan 23, 2026
MacOS version of Inkscape bundles a Python interpreter that inherits the Transparency, Consent,...
Moderate | Unreviewed | CVE-2025-15523 was published Jan 22, 2026
Rockstar Games Launcher 1.0.37.349 contains a privilege escalation vulnerability that allows...
High | Unreviewed | CVE-2021-47852 was published Jan 21, 2026
A flaw in Node.js's permission model allows a file's access and modification timestamps to be...
Low | Unreviewed | CVE-2025-55132 was published Jan 20, 2026
Pepr Has Overly Permissive RBAC ClusterRole in Admin Mode
Low | CVE-2026-23634 was published for pepr (npm) Jan 15, 2026
MilleGPG5 5.7.2 contains a local privilege escalation vulnerability that allows authenticated...
High | Unreviewed | CVE-2021-47761 was published Jan 15, 2026
Quest KACE Desktop Authority through 11.3.1 has Insecure Permissions on the Named Pipes used for...
Moderate | Unreviewed | CVE-2025-67813 was published Jan 12, 2026
An issue in H3C M102G HM1A0V200R010 wireless controller and BA1500L SWBA1A0V100R006 wireless...
Critical | Unreviewed | CVE-2025-60262 was published Jan 6, 2026
The Portrait Dell Color Management application 3.3.8 for Dell monitors has Insecure Permissions,
High | Unreviewed | CVE-2025-53398 was published Dec 17, 2025
An issue was discovered in the Portrait Dell Color Management application through 3.3.008 for...
High | Unreviewed | CVE-2025-53919 was published Dec 17, 2025
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS...
Moderate | Unreviewed | CVE-2025-43519 was published Dec 12, 2025
An improper permissions vulnerability was reported in Lenovo Baiying Client that could allow a...
High | Unreviewed | CVE-2025-13155 was published Dec 10, 2025
An attacker can trigger the removal of cached records by sending a NOTIFY query over TCP.
High | Unreviewed | CVE-2025-59030 was published Dec 9, 2025
A container privilege escalation flaw was found in certain CodeReady Workspaces images. This...
Moderate | Unreviewed | CVE-2025-57850 was published Dec 2, 2025
An issue in Shirt Pocket's SuperDuper! 3.10 and earlier allow a local attacker to modify the...
High | Unreviewed | CVE-2025-61229 was published Dec 1, 2025
Incorrect default permissions issue exists in Security Point (Windows) of MaLion prior to Ver.5.3...
Moderate | Unreviewed | CVE-2025-59485 was published Nov 25, 2025
The installation directory of LogStare Collector is configured with incorrect access permissions....
Moderate | Unreviewed | CVE-2025-58097 was published Nov 21, 2025
AudioCodes Fax Server and Auto-Attendant IVR appliances versions up to and including 2.6.23...
High | Unreviewed | CVE-2025-34333 was published Nov 19, 2025
AudioCodes Fax Server and Auto-Attendant IVR appliances versions up to and including 2.6.23...
High | Unreviewed | CVE-2025-34332 was published Nov 19, 2025
Mattermost allows other users to determine when users had read channels via channel member objects
Low | CVE-2025-55074 was published for github.com/mattermost/mattermost-server (Go) Nov 18, 2025
XWiki AdminTools application doesn't set permissions on the AdminTools space
Moderate | CVE-2025-54990 was published for com.xwiki.admintools:application-admintools (Maven) Nov 18, 2025
The Mac App Store distribution of the Canva for Mac desktop app before 1.117.1 was built without...
Low | Unreviewed | CVE-2025-12792 was published Nov 18, 2025