GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
50 advisories
Filter by severity
Authorization Bypass in I hate money
Moderate
CVE-2020-15120
was published
for
ihatemoney
(pip)
Jul 27, 2020
Base class whitelist configuration ignored in OAuthenticator
High
CVE-2020-26250
was published
for
oauthenticator
(pip)
Dec 1, 2020
Permissions not properly checked in Invenio-Drafts-Resources
Moderate
CVE-2021-43781
was published
for
invenio-app-rdm
(pip)
Dec 6, 2021
Access control issue in AlekSIS-Core
Moderate
CVE-2022-29773
was published
for
aleksis-core
(pip)
Jun 4, 2022
OpenZeppelin Contracts for Cairo account cannot process transactions on Goerli
Moderate
CVE-2022-31153
was published
for
openzeppelin-cairo-contracts
(pip)
Jul 15, 2022
Improper Authorization and Origin Validation Error in OneFuzz
Critical
CVE-2021-37705
was published
for
onefuzz
(pip)
Aug 13, 2021
Possible pod name collisions in jupyterhub-kubespawner
Moderate
CVE-2020-15110
was published
for
jupyterhub-kubespawner
(pip)
Jul 22, 2020
Invalid root may become trusted root in The Update Framework (TUF)
High
CVE-2020-15163
was published
for
tuf
(pip)
Sep 9, 2020
Privilege Escalation in Channelmgnt plug-in for Sopel
High
CVE-2020-15251
was published
for
sopel_plugins.channelmgnt
(pip)
Oct 13, 2020
Barbican authorization flaw before v14.0.0
High
CVE-2022-23451
was published
for
barbican
(pip)
Sep 7, 2022
Apache Superset vulnerable to Improper Authorization
Moderate
CVE-2023-27525
was published
for
apache-superset
(pip)
Apr 17, 2023
Paramiko Authentication Bypass vulnerability
High
CVE-2018-1000805
was published
for
paramiko
(pip)
Oct 10, 2018
Duplicate Advisory: Incorrect Authorization in Gerapy
Critical
CVE-2021-44597
was published
for
gerapy
(pip)
Mar 11, 2022
•
withdrawn
Salt's PAM auth fails to reject locked accounts
High
CVE-2022-22967
was published
for
salt
(pip)
Jun 25, 2022
Apache Superset has improper default REST API permission for Gamma users
Moderate
CVE-2023-36387
was published
for
apache-superset
(pip)
Sep 6, 2023
Vyper has incorrectly allocated named re-entrancy locks
Moderate
CVE-2023-39363
was published
for
vyper
(pip)
Aug 9, 2023
Defining resource name as integer may give unintended access in vantage6
Moderate
CVE-2023-28635
was published
for
vantage6
(pip)
Oct 13, 2023
Apache Superset users may incorrectly create resources using the import charts feature
Moderate
CVE-2023-27526
was published
for
apache-superset
(pip)
Sep 6, 2023
Apache Superset vulnerable to improper data authorization
Moderate
CVE-2023-27523
was published
for
apache-superset
(pip)
Sep 6, 2023
Apache Superset has incorrect authorization check
Moderate
CVE-2023-32672
was published
for
apache-superset
(pip)
Sep 6, 2023
Synapse has URL deny list bypass via oEmbed and image URLs when generating previews
Low
CVE-2023-32683
was published
for
matrix-synapse
(pip)
Jun 6, 2023
kiwi TCMS has possibility for user to update email address to unverified one
Low
CVE-2023-30544
was published
for
kiwitcms
(pip)
Apr 24, 2023
Fides Information Disclosure Vulnerability in Config API Endpoint
Moderate
CVE-2023-46125
was published
for
ethyca-fides
(pip)
Oct 24, 2023
Incorrect Authorization and Exposure of Sensitive Information to an Unauthorized Actor in scrapy
Moderate
CVE-2022-0577
was published
for
scrapy
(pip)
Mar 1, 2022
ProTip!
Advisories are also available from the
GraphQL API