Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,752
Maven
4,982
npm
3,516
NuGet
609
pip
3,090
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+

64 advisories

Loading
Improper authentication in zenml Low
CVE-2024-2213 was published for zenml (pip) Jun 6, 2024
jupyter-scheduler's endpoint is missing authentication Moderate
CVE-2024-28188 was published for jupyter-scheduler (pip) May 23, 2024
krassowski Carreau
andrii-i dlqqq yuvipanda
OpenStack Identity (Keystone) improper revoking of the authentication token when deleting a user Moderate
CVE-2013-2059 was published for keystone (pip) May 17, 2022
OpenStack Identity (Keystone) DoS through V3 API authentication chaining High
CVE-2014-2828 was published for keystone (pip) May 17, 2022
OpenStack Keystone allows context-dependent attackers to bypass access restrictions Moderate
CVE-2013-0282 was published for Keystone (pip) May 5, 2022
OpenStack Octavia Amphora-Agent not requiring Client-Certificate Critical
CVE-2019-17134 was published for octavia (pip) May 24, 2022
SaltStack Salt Improper Authentication via Man in the Middle Attack Low
CVE-2022-22935 was published for salt (pip) Mar 30, 2022
OpenStack Swauth object/proxy server writing Auth Token to log file Critical
CVE-2017-16613 was published for swauth (pip) May 17, 2022
Salt has insufficient argument validation in several modules Moderate
CVE-2013-4435 was published for salt (pip) May 17, 2022
Salt Insecure configuration of PAM external authentication service Moderate
CVE-2016-3176 was published for salt (pip) May 17, 2022
Saltstack Salt Unauthenticated Arbitrary Code Execution High
CVE-2021-25315 was published for salt (pip) May 24, 2022
SaltStack Salt Remote command execution and incorrect access control when using salt-api Critical
CVE-2018-15751 was published for salt (pip) May 13, 2022
SaltStack Salt Authentication Bypass when using the local_batch client from salt-api High
CVE-2017-5192 was published for salt (pip) May 17, 2022
SaltStack Salt Improper Authentication vulnerability Critical
CVE-2021-25281 was published for salt (pip) May 24, 2022
Zope Object Database (ZODB) Authentication bypass in ZEO storage servers High
CVE-2009-0669 was published for ZODB3 (pip) May 2, 2022
anonymous4ACL24
Improper Authentication in Apache Airflow Moderate
CVE-2021-26697 was published for apache-airflow (pip) Jun 18, 2021
sunSUNQ
Authentication bypass in Apache Airflow Critical
CVE-2020-13927 was published for apache-airflow (pip) Apr 30, 2021
sunSUNQ
Flask-AppBuilder vulnerable to incorrect authentication when using auth type OpenID Critical
CVE-2024-25128 was published for Flask-AppBuilder (pip) Feb 28, 2024
parantheses dpgaspar
Logic error in authentication in proxy.py High
CVE-2021-3116 was published for proxy.py (pip) Apr 7, 2021
furlongm openvpn-monitor allows Authorization Bypass to disconnect arbitrary clients High
CVE-2021-31606 was published for openvpn-monitor (pip) May 24, 2022
python-kerberos vulnerable to KDC spoofing attacks High
CVE-2015-3206 was published for kerberos (pip) May 14, 2022
OctoPrint Unverified Password Change via Access Control Settings Moderate
CVE-2024-23637 was published for OctoPrint (pip) Jan 31, 2024
tkruppert
VNCAuthProxy authentication bypass vulnerability Critical
CVE-2022-36436 was published for vncauthproxy (pip) Sep 16, 2022
OpenStack Keystone Token authorization for a user in a disabled tenant is allowed Moderate
CVE-2012-4457 was published for Keystone (pip) May 14, 2022
Trytond allows modification of privileges of arbitrary users Moderate
CVE-2012-0215 was published for trytond (pip) May 4, 2022
ProTip! Advisories are also available from the GraphQL API