Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,752
Maven
4,982
npm
3,516
NuGet
609
pip
3,090
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+

13 advisories

Loading
Apache Airflow: Bypass permission verification to read code of other dags Moderate
CVE-2023-50944 was published for apache-airflow (pip) Jan 24, 2024
Code execution in pandasai Critical
CVE-2024-23752 was published for pandasai (pip) Jan 22, 2024
Ray Missing Authorization vulnerability Critical
CVE-2023-6020 was published for ray (pip) Nov 16, 2023
Synapse does not apply enough checks to servers requesting auth events of events in a room Moderate
CVE-2022-39335 was published for matrix-synapse (pip) May 24, 2023
pgadmin4 vulnerable to Code Injection High
CVE-2022-4223 was published for pgadmin4 (pip) Dec 13, 2022
MoinMoin improper access control on the included page for the rst parser Moderate
CVE-2008-6548 was published for moin (pip) May 17, 2022
saleor Missing Authorization vulnerability Moderate
CVE-2022-0932 was published for saleor (pip) Mar 12, 2022
Permissions not properly checked in Invenio-Drafts-Resources Moderate
CVE-2021-43781 was published for invenio-app-rdm (pip) Dec 6, 2021
lnielsen
Missing Authorization in Apache Airflow Moderate
CVE-2021-35936 was published for apache-airflow (pip) Aug 30, 2021
sunSUNQ
Code Injection, Race Condition, and Execution with Unnecessary Privileges in Ansible High
CVE-2020-10684 was published for ansible (pip) Apr 7, 2021
Key Caching behavior in the DynamoDB Encryption Client. Low
GHSA-4ph2-8337-hm62 was published for dynamodb-encryption-sdk (pip) Feb 8, 2021
Privilege Escalation in Channelmgnt plug-in for Sopel High
CVE-2020-15251 was published for sopel_plugins.channelmgnt (pip) Oct 13, 2020
RhinosF1
Tryton Improper Access Control Moderate
CVE-2019-10868 was published for trytond (pip) Apr 10, 2019
ProTip! Advisories are also available from the GraphQL API