Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,081
Erlang
29
GitHub Actions
19
Go
1,909
Maven
5,000+
npm
3,642
NuGet
638
pip
3,258
Pub
10
RubyGems
869
Rust
820
Swift
35
Unreviewed advisories
All unreviewed
5,000+

52 advisories

Loading
Base class whitelist configuration ignored in OAuthenticator High
CVE-2020-26250 was published for oauthenticator (pip) Dec 1, 2020
Access control issue in AlekSIS-Core Moderate
CVE-2022-29773 was published for aleksis-core (pip) Jun 4, 2022
OpenZeppelin Contracts for Cairo account cannot process transactions on Goerli Moderate
CVE-2022-31153 was published for openzeppelin-cairo-contracts (pip) Jul 15, 2022
Improper Authorization and Origin Validation Error in OneFuzz Critical
CVE-2021-37705 was published for onefuzz (pip) Aug 13, 2021
Invalid root may become trusted root in The Update Framework (TUF) High
CVE-2020-15163 was published for tuf (pip) Sep 9, 2020
FlorianVeaux
Privilege Escalation in Channelmgnt plug-in for Sopel High
CVE-2020-15251 was published for sopel_plugins.channelmgnt (pip) Oct 13, 2020
RhinosF1
Barbican authorization flaw before v14.0.0 High
CVE-2022-23451 was published for barbican (pip) Sep 7, 2022
Apache Superset vulnerable to Improper Authorization Moderate
CVE-2023-27525 was published for apache-superset (pip) Apr 17, 2023
Paramiko Authentication Bypass vulnerability High
CVE-2018-1000805 was published for paramiko (pip) Oct 10, 2018
Duplicate Advisory: Incorrect Authorization in Gerapy Critical
CVE-2021-44597 was published for gerapy (pip) Mar 11, 2022 withdrawn
Salt's PAM auth fails to reject locked accounts High
CVE-2022-22967 was published for salt (pip) Jun 25, 2022
Apache Superset has improper default REST API permission for Gamma users Moderate
CVE-2023-36387 was published for apache-superset (pip) Sep 6, 2023
Vyper has incorrectly allocated named re-entrancy locks Moderate
CVE-2023-39363 was published for vyper (pip) Aug 9, 2023
Defining resource name as integer may give unintended access in vantage6 Moderate
CVE-2023-28635 was published for vantage6 (pip) Oct 13, 2023
Apache Superset users may incorrectly create resources using the import charts feature Moderate
CVE-2023-27526 was published for apache-superset (pip) Sep 6, 2023
Sentry CORS misconfiguration Moderate
CVE-2023-36829 was published for sentry (pip) Jul 6, 2023
andr0idp4r4n0id
Apache Superset has incorrect authorization check Moderate
CVE-2023-32672 was published for apache-superset (pip) Sep 6, 2023
Apache Superset vulnerable to improper data authorization Moderate
CVE-2023-27523 was published for apache-superset (pip) Sep 6, 2023
Synapse has URL deny list bypass via oEmbed and image URLs when generating previews Low
CVE-2023-32683 was published for matrix-synapse (pip) Jun 6, 2023
kiwi TCMS has possibility for user to update email address to unverified one Low
CVE-2023-30544 was published for kiwitcms (pip) Apr 24, 2023
Fides Information Disclosure Vulnerability in Config API Endpoint Moderate
CVE-2023-46125 was published for ethyca-fides (pip) Oct 24, 2023
h0wl
Incorrect Authorization and Exposure of Sensitive Information to an Unauthorized Actor in scrapy Moderate
CVE-2022-0577 was published for scrapy (pip) Mar 1, 2022
ranjit-git
Apache Superset incorrect write permissions vulnerability High
CVE-2023-49734 was published for apache-superset (pip) Dec 19, 2023
Nautobot missing object-level permissions enforcement when running Job Buttons Low
CVE-2023-51649 was published for nautobot (pip) Dec 22, 2023
abdikanipd
Apache Superset - Elevation of Privilege High
CVE-2023-40610 was published for apache-superset (pip) Nov 28, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database