GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,279
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,421
Pub
12
RubyGems
891
Rust
873
Swift
36
Unreviewed advisories
All unreviewed
5,000+
18 advisories
Filter by severity
Re-creating a deleted user in lakeFS will re-enable previous user credentials that existed prior to its deletion
Moderate
CVE-2024-43784
was published
for
github.com/treeverse/lakefs
(Go)
Nov 26, 2024
Rclone has Improper Permission and Ownership Handling on Symlink Targets with --links and --metadata
Moderate
CVE-2024-52522
was published
for
github.com/rclone/rclone
(Go)
Nov 19, 2024
SpiceDB exclusions can result in no permission returned when permission expected
Moderate
CVE-2024-38361
was published
for
github.com/authzed/spicedb
(Go)
Jun 20, 2024
`docker cp` allows unexpected chmod of host files in Moby Docker Engine
Low
CVE-2021-41089
was published
for
github.com/docker/docker
(Go)
Jun 10, 2024
Grafana folders admin only permission privilege escalation
High
CVE-2022-36062
was published
for
github.com/grafana/grafana
(Go)
May 14, 2024
Authelia's Group Changes may not have the expected results (YAML file backend)
Low
GHSA-x883-2vmg-xwf7
was published
for
github.com/authelia/authelia/v4
(Go)
Apr 22, 2024
Moby (Docker Engine) Insufficiently restricted permissions on data directory
Moderate
CVE-2021-41091
was published
for
github.com/docker/docker
(Go)
Jan 31, 2024
Improper Preservation of Permissions in etcd
Moderate
CVE-2020-15113
was published
for
github.com/etcd-io/etcd
(Go)
Jan 30, 2024
runc AppArmor bypass with symlinked /proc
Moderate
CVE-2023-28642
was published
for
github.com/opencontainers/runc
(Go)
Mar 30, 2023
rootless: `/sys/fs/cgroup` is writable when cgroupns isn't unshared in runc
Low
CVE-2023-25809
was published
for
github.com/opencontainers/runc
(Go)
Mar 30, 2023
AList vulnerable to Improper Preservation of Permissions
High
CVE-2022-45968
was published
for
github.com/alist-org/alist/v3
(Go)
Dec 12, 2022
lakeFS vulnerable to authenticated users deleting files they are not authorized to delete
High
GHSA-28q9-9c3g-v3f9
was published
for
github.com/treeverse/lakefs
(Go)
Sep 23, 2022
Podman publishes a malicious image to public registries
High
CVE-2022-1227
was published
for
github.com/containers/podman/v3
(Go)
Apr 30, 2022
Unprivileged pod using `hostPath` can side-step active LSM when it is SELinux
High
CVE-2021-43816
was published
for
github.com/containerd/containerd
(Go)
Jan 6, 2022
Improper Preservation of Permissions in github.com/cloudflare/cfrpki/cmd/octorpki
Moderate
CVE-2021-3978
was published
for
github.com/cloudflare/cfrpki
(Go)
Nov 19, 2021
HashiCorp Vault underlying database had excessively broad filesystem permissions from v1.4.0 until v1.8.0
Critical
CVE-2021-38553
was published
for
github.com/hashicorp/vault
(Go)
Aug 30, 2021
Access control flaw in Kiali
High
CVE-2021-3495
was published
for
github.com/kiali/kiali
(Go)
Jun 8, 2021
Insecure Permissions in Gogs
Moderate
CVE-2020-14958
was published
for
gogs.io/gogs
(Go)
May 18, 2021
ProTip!
Advisories are also available from the
GraphQL API