GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
64 advisories
jupyter-scheduler's endpoint is missing authentication
Moderate | CVE-2024-28188 was published for jupyter-scheduler (pip) | May 23, 2024

OpenStack Identity (Keystone) improper revoking of the authentication token when deleting a user
Moderate | CVE-2013-2059 was published for keystone (pip) | May 17, 2022

OpenStack Identity (Keystone) DoS through V3 API authentication chaining
High | CVE-2014-2828 was published for keystone (pip) | May 17, 2022

OpenStack Keystone allows context-dependent attackers to bypass access restrictions
Moderate | CVE-2013-0282 was published for Keystone (pip) | May 5, 2022

OpenStack Octavia Amphora-Agent not requiring Client-Certificate
Critical | CVE-2019-17134 was published for octavia (pip) | May 24, 2022

SaltStack Salt Improper Authentication via Man in the Middle Attack
Low | CVE-2022-22935 was published for salt (pip) | Mar 30, 2022

OpenStack Swauth object/proxy server writing Auth Token to log file
Critical | CVE-2017-16613 was published for swauth (pip) | May 17, 2022

Salt has insufficient argument validation in several modules
Moderate | CVE-2013-4435 was published for salt (pip) | May 17, 2022

Salt Insecure configuration of PAM external authentication service
Moderate | CVE-2016-3176 was published for salt (pip) | May 17, 2022

Saltstack Salt Unauthenticated Arbitrary Code Execution
High | CVE-2021-25315 was published for salt (pip) | May 24, 2022

SaltStack Salt Remote command execution and incorrect access control when using salt-api
Critical | CVE-2018-15751 was published for salt (pip) | May 13, 2022

SaltStack Salt Authentication Bypass when using the local_batch client from salt-api
High | CVE-2017-5192 was published for salt (pip) | May 17, 2022

SaltStack Salt Improper Authentication vulnerability
Critical | CVE-2021-25281 was published for salt (pip) | May 24, 2022

Zope Object Database (ZODB) Authentication bypass in ZEO storage servers
High | CVE-2009-0669 was published for ZODB3 (pip) | May 2, 2022

Improper Authentication in Apache Airflow
Moderate | CVE-2021-26697 was published for apache-airflow (pip) | Jun 18, 2021

Authentication bypass in Apache Airflow
Critical | CVE-2020-13927 was published for apache-airflow (pip) | Apr 30, 2021

Flask-AppBuilder vulnerable to incorrect authentication when using auth type OpenID
Critical | CVE-2024-25128 was published for Flask-AppBuilder (pip) | Feb 28, 2024

Logic error in authentication in proxy.py
High | CVE-2021-3116 was published for proxy.py (pip) | Apr 7, 2021

furlongm openvpn-monitor allows Authorization Bypass to disconnect arbitrary clients
High | CVE-2021-31606 was published for openvpn-monitor (pip) | May 24, 2022

python-kerberos vulnerable to KDC spoofing attacks
High | CVE-2015-3206 was published for kerberos (pip) | May 14, 2022

OctoPrint Unverified Password Change via Access Control Settings
Moderate | CVE-2024-23637 was published for OctoPrint (pip) | Jan 31, 2024

VNCAuthProxy authentication bypass vulnerability
Critical | CVE-2022-36436 was published for vncauthproxy (pip) | Sep 16, 2022

OpenStack Keystone Token authorization for a user in a disabled tenant is allowed
Moderate | CVE-2012-4457 was published for Keystone (pip) | May 14, 2022

Trytond allows modification of privileges of arbitrary users
Moderate | CVE-2012-0215 was published for trytond (pip) | May 4, 2022
ProTip! Advisories are also available from the GraphQL API.