
GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

57 advisories

Snipe-IT has Privilege Escalation via API Permissions Assignment High
CVE-2026-44832 was published for snipe/snipe-it (Composer) May 8, 2026
Credited to lorenzofradeani
uutils coreutils doesn't preserve file ownership during moves across different filesystem boundaries Moderate
CVE-2026-35351 was published for coreutils (Rust) Apr 22, 2026
uutils coreutils doesn't properly handle setuid and setgid bits when ownership preservation fails Moderate
CVE-2026-35350 was published for coreutils (Rust) Apr 22, 2026
uutils coreutils has an Improper Preservation of Permissions issue Low
CVE-2026-35361 was published for coreutils (Rust) Apr 22, 2026
Rancher user retains access to clusters despite Global Role removal Moderate
CVE-2023-32199 was published for github.com/rancher/rancher (Go) Oct 24, 2025
Duplicate Advisory: GHSA-x698-5hjm-w2m5 High
GHSA-2wcm-vx67-3x4q was published for pyload-ng (pip) Jul 8, 2025 withdrawn
snowflake-sdk may incorrectly validate temporary credential cache file permissions Moderate
CVE-2025-24791 was published for snowflake-sdk (npm) Jan 29, 2025
RuoYi vulnerable to Denial of Service by attackers with admin privileges Moderate
CVE-2024-57439 was published for com.ruoyi:ruoyi (Maven) Jan 29, 2025
gix-worktree-state nonexclusive checkout sets executable files world-writable Moderate
CVE-2025-22620 was published for gix-worktree-state (Rust) Jan 21, 2025
Credited to EliahKagan
Insecure default config access in WriteFreely High
CVE-2025-24337 was published for github.com/writefreely/writefreely (Go) Jan 20, 2025
Re-creating a deleted user in lakeFS will re-enable previous user credentials that existed prior to its deletion Moderate
CVE-2024-43784 was published for github.com/treeverse/lakefs (Go) Nov 26, 2024
Credited to N-o-Z
Rclone has Improper Permission and Ownership Handling on Symlink Targets with --links and --metadata Moderate
CVE-2024-52522 was published for github.com/rclone/rclone (Go) Nov 19, 2024
Credited to hakong and ncw
Improper Preservation of Permissions in xxl-job High
CVE-2024-42681 was published for com.xuxueli:xxl-job-core (Maven) Aug 15, 2024
Credited to AnonySE26
SpiceDB exclusions can result in no permission returned when permission expected Moderate
CVE-2024-38361 was published for github.com/authzed/spicedb (Go) Jun 20, 2024
`docker cp` allows unexpected chmod of host files in Moby Docker Engine Low
CVE-2021-41089 was published for github.com/docker/docker (Go) Jun 10, 2024
Credited to LevanaXr and ssst0n3
Grafana folders admin only permission privilege escalation High
CVE-2022-36062 was published for github.com/grafana/grafana (Go) May 14, 2024
Quarkus: security checks in resteasy reactive may trigger a denial of service Moderate
CVE-2024-1726 was published for io.quarkus.resteasy.reactive:resteasy-reactive (Maven) Apr 25, 2024
Authelia's Group Changes may not have the expected results (YAML file backend) Low
GHSA-x883-2vmg-xwf7 was published for github.com/authelia/authelia/v4 (Go) Apr 22, 2024
Credited to ezrizhu
Apache Airflow Improper Preservation of Permissions vulnerability Moderate
CVE-2024-29735 was published for apache-airflow (pip) Mar 26, 2024
Apache Airflow: Ignored Airflow Permission Moderate
CVE-2024-28746 was published for apache-airflow (pip) Mar 14, 2024
Credited to oscerd
Jenkins Bitbucket Branch Source Plugin has incorrect trust policy behavior for pull requests Moderate
CVE-2024-28152 was published for org.jenkins-ci.plugins:cloudbees-bitbucket-branch-source (Maven) Mar 6, 2024
Missing permission checks on Hazelcast client protocol High
CVE-2023-45859 was published for com.hazelcast:hazelcast (Maven) Feb 27, 2024
Credited to jorditpuig
Moby (Docker Engine) Insufficiently restricted permissions on data directory Moderate
CVE-2021-41091 was published for github.com/docker/docker (Go) Jan 31, 2024
Credited to joanbm, AlonZa, and neersighted
Improper Preservation of Permissions in etcd Moderate
CVE-2020-15113 was published for github.com/etcd-io/etcd (Go) Jan 30, 2024
SaToken privilege escalation vulnerability Critical
CVE-2023-44794 was published for cn.dev33:sa-token-core (Maven) Oct 25, 2023