GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,273
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,417
Pub
12
RubyGems
891
Rust
872
Swift
36
Unreviewed advisories
All unreviewed
5,000+
58 advisories
Filter by severity
ansible-core Incorrect Authorization vulnerability
Moderate
CVE-2024-9902
was published
for
ansible-core
(pip)
Nov 6, 2024
OpenStack Identity service (keystone) Incorrect Authorization
High
CVE-2017-2673
was published
for
keystone
(pip)
May 13, 2022
OpenStack Compute Nova Unauthorised access to arbitrary VM using VNC token from deleted VM
High
CVE-2013-0335
was published
for
Nova
(pip)
May 5, 2022
Nautobot missing object-level permissions enforcement when running Job Buttons
Low
CVE-2023-51649
was published
for
nautobot
(pip)
Dec 22, 2023
OpenZeppelin Contracts for Cairo account cannot process transactions on Goerli
Moderate
CVE-2022-31153
was published
for
openzeppelin-cairo-contracts
(pip)
Jul 15, 2022
Defining resource name as integer may give unintended access in vantage6
Moderate
CVE-2023-28635
was published
for
vantage6
(pip)
Oct 13, 2023
Invalid root may become trusted root in The Update Framework (TUF)
Moderate
CVE-2020-15163
was published
for
tuf
(pip)
Sep 9, 2020
trytond Incorrect Authorization vulnerability
High
CVE-2012-2238
was published
for
trytond
(pip)
Apr 23, 2022
Apache Airflow Incorrect Authorization vulnerability
High
CVE-2023-35908
was published
for
apache-airflow
(pip)
Jul 12, 2023
Improper Authorization in cobbler
Moderate
CVE-2022-0860
was published
for
cobbler
(pip)
Mar 11, 2022
Incorrect Authorization in calibreweb
High
CVE-2022-0273
was published
for
calibreweb
(pip)
Jan 31, 2022
Privilege Escalation in Channelmgnt plug-in for Sopel
Moderate
CVE-2020-15251
was published
for
sopel-plugins-channelmgnt
(pip)
Oct 13, 2020
Salt's PAM auth fails to reject locked accounts
High
CVE-2022-22967
was published
for
salt
(pip)
Jun 25, 2022
Incorrect Authorization and Exposure of Sensitive Information to an Unauthorized Actor in scrapy
Moderate
CVE-2022-0577
was published
for
scrapy
(pip)
Mar 1, 2022
Plone's authenticated users able to alter their password despite of policy definition
Moderate
CVE-2013-4198
was published
for
Plone
(pip)
May 17, 2022
OpenCanary Executes Commands From Potentially Writable Config File
Moderate
CVE-2024-48911
was published
for
OpenCanary
(pip)
Oct 14, 2024
Plone and Zope2 vulnerable to unauthorized access to restricted attributes
High
CVE-2012-5489
was published
for
Plone
(pip)
Jul 23, 2018
Vyper has incorrectly allocated named re-entrancy locks
Critical
CVE-2023-39363
was published
for
vyper
(pip)
Aug 9, 2023
Paramiko Authentication Bypass vulnerability
High
CVE-2018-1000805
was published
for
paramiko
(pip)
Oct 10, 2018
Improper Authorization and Origin Validation Error in OneFuzz
Critical
CVE-2021-37705
was published
for
onefuzz
(pip)
Aug 13, 2021
OpenStack Neutron vulnerable to hardware address impersonation
High
CVE-2021-38598
was published
for
neutron
(pip)
May 24, 2022
Base class whitelist configuration ignored in OAuthenticator
High
CVE-2020-26250
was published
for
oauthenticator
(pip)
Dec 1, 2020
Arbitrary file overwrite in OpenStack Nova
High
CVE-2012-3447
was published
for
nova
(pip)
May 17, 2022
Synapse has URL deny list bypass via oEmbed and image URLs when generating previews
Moderate
CVE-2023-32683
was published
for
matrix-synapse
(pip)
Jun 6, 2023
OpenStack Keystone Insufficient token expiration
High
CVE-2012-5563
was published
for
keystone
(pip)
May 17, 2022
ProTip!
Advisories are also available from the
GraphQL API