GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
50 advisories
Mercurial vulnerable to arbitrary code execution when converting Git repos
High | CVE-2016-3105 was published for mercurial (pip) | May 17, 2022

OpenStack Keystone Allows Remote User Account Creation
High | CVE-2012-3542 was published for keystone (pip) | May 17, 2022

Improper Access Control in novajoin
High | CVE-2019-10138 was published for novajoin (pip) | Mar 12, 2020

Improper Access Control in jupyterhub-firstuseauthenticator
Critical | CVE-2021-41194 was published for jupyterhub-firstuseauthenticator (pip) | Oct 28, 2021

Django Access Restrictions Bypass
Moderate | CVE-2016-2048 was published for django (pip) | May 17, 2022

Flask-CORS allows the `Access-Control-Allow-Private-Network` CORS header to be set to true by default
High | CVE-2024-6221 was published for Flask-Cors (pip) | Aug 18, 2024

Improper Access Control in Apache Airflow
Moderate | CVE-2021-26559 was published for apache-airflow (pip) | Apr 7, 2021

Incorrect Authorization in calibreweb
Moderate | CVE-2022-0273 was published for calibreweb (pip) | Jan 31, 2022

Borg Improper Access Control vulnerability
High | CVE-2017-15914 was published for borgbackup (pip) | May 13, 2022

Authlib has algorithm confusion with asymmetric public keys
High | CVE-2024-37568 was published for authlib (pip) | Jun 9, 2024

ZenML Server Remote Privilege Escalation Vulnerability
Moderate | CVE-2024-25723 was published for zenml (pip) | Feb 27, 2024

litellm vulnerable to improper access control in team management
Moderate | CVE-2024-5710 was published for litellm (pip) | Jun 27, 2024

vantage6 collaboration admins can extend their influence by expanding the collaboration
Low | CVE-2024-32969 was published for vantage6 (pip) | May 22, 2024

MLflow allows low privilege users to delete any artifact
Moderate | CVE-2024-4263 was published for mlflow (pip) | May 16, 2024

OpenStack Identity Keystone Improper Access Control
Moderate | CVE-2016-4911 was published for keystone (pip) | May 17, 2022

OpenStack Compute (Nova) Improper Access Control
Moderate | CVE-2015-2687 was published for nova (pip) | May 17, 2022

Salt allows deleted minions to read or write to minions with the same id
Critical | CVE-2016-9639 was published for salt (pip) | May 17, 2022

Plone Privilege escalation through exposed underlying API
Moderate | CVE-2013-7061 was published for Plone (pip) | May 17, 2022

MoinMoin Improper Access Control vulnerability
High | CVE-2009-4762 was published for moin (pip) | May 2, 2022

OctoPrint Incorrect Access Control
Moderate | CVE-2021-32560 was published for octoprint (pip) | May 24, 2022

GNU Mailman Postorius Access Control Issues
Moderate | CVE-2021-40347 was published for postorius (pip) | May 24, 2022

Roundup xml-rpc server improper check of property permissions
Moderate | CVE-2008-1475 was published for roundup (pip) | May 1, 2022

Openstack Octavia Access Control Vulnerability
Moderate | CVE-2019-3895 was published for octavia (pip) | May 24, 2022

Zope does not properly verify the access for objects with proxy roles
High | CVE-2002-0170 was published for zope (pip) | Apr 30, 2022