GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

23 advisories

jupyter-scheduler's endpoint is missing authentication Moderate
CVE-2024-28188 was published for jupyter-scheduler (pip) May 23, 2024
krassowski Carreau
andrii-i dlqqq yuvipanda
OctoPrint Unverified Password Change via Access Control Settings Moderate
CVE-2024-23637 was published for OctoPrint (pip) Jan 31, 2024
tkruppert
Sentry vulnerable to incorrect credential validation on OAuth token requests Moderate
CVE-2023-39531 was published for sentry (pip) Aug 9, 2023
EricHasegawa
Synapse has improper checks for deactivated users during login Moderate
CVE-2023-32682 was published for matrix-synapse (pip) Jun 6, 2023
Lin CMS vulnerable to Improper Authentication Moderate
CVE-2022-44244 was published for Lin-CMS (Maven) Nov 10, 2022
aruneko richardfan0606
Indy's NODE_UPGRADE transaction vulnerable to remote code execution Moderate
CVE-2022-31020 was published for indy-node (pip) Sep 2, 2022
shakreiner
Improper Authentication in pip Moderate
CVE-2013-5123 was published for pip (pip) May 24, 2022
Improper Authentication in SaltStack Salt Moderate
CVE-2021-22004 was published for salt (pip) May 24, 2022
Ansible password prompts could expose passwords Moderate
CVE-2019-14856 was published for ansible (pip) May 24, 2022
Salt has insufficient argument validation in several modules Moderate
CVE-2013-4435 was published for salt (pip) May 17, 2022
OpenStack Keystone Improper Authentication vulnerability Moderate
CVE-2013-1865 was published for keystone (pip) May 17, 2022
OpenStack Neutron Improper Authentication vulnerability Moderate
CVE-2014-0056 was published for neutron (pip) May 17, 2022
Salt Insecure configuration of PAM external authentication service Moderate
CVE-2016-3176 was published for salt (pip) May 17, 2022
OpenStack Identity (Keystone) improper revoking of the authentication token when deleting a user Moderate
CVE-2013-2059 was published for keystone (pip) May 17, 2022
Django Middleware Enables Session Hijacking Moderate
CVE-2014-0482 was published for django (pip) May 14, 2022
OpenStack Keystone Token authorization for a user in a disabled tenant is allowed Moderate
CVE-2012-4457 was published for Keystone (pip) May 14, 2022
OpenStack Keystone allows context-dependent attackers to bypass access restrictions Moderate
CVE-2013-0282 was published for Keystone (pip) May 5, 2022
Trytond allows modification of privileges of arbitrary users Moderate
CVE-2012-0215 was published for trytond (pip) May 4, 2022
Zope DocumentTemplate package allows unauthenticated write Moderate
CVE-2000-0483 was published for zope (pip) May 3, 2022
Improper Access Control in Onionshare Moderate
CVE-2022-21692 was published for onionshare-cli (pip) Jan 21, 2022
Improper Access Control in Onionshare Moderate
CVE-2022-21695 was published for onionshare-cli (pip) Jan 21, 2022
Improper Authentication in Apache Airflow Moderate
CVE-2021-26697 was published for apache-airflow (pip) Jun 18, 2021
sunSUNQ
Moderate severity vulnerability that affects Products.PlonePAS Moderate
CVE-2009-0662 was published for Products.PlonePAS (pip) Jul 23, 2018