GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,273
Erlang
31
GitHub Actions
21
Go
2,055
Maven
5,000+
npm
3,739
NuGet
668
pip
3,417
Pub
12
RubyGems
891
Rust
872
Swift
36
Unreviewed advisories
All unreviewed
5,000+
58 advisories
Filter by severity
ansible-core Incorrect Authorization vulnerability
Moderate
CVE-2024-9902
was published
for
ansible-core
(pip)
Nov 6, 2024
OpenCanary Executes Commands From Potentially Writable Config File
Moderate
CVE-2024-48911
was published
for
OpenCanary
(pip)
Oct 14, 2024
Red-DiscordBot vulnerable to Incorrect Authorization in commands API
Moderate
CVE-2024-39905
was published
for
Red-DiscordBot
(pip)
Jul 11, 2024
Globus `identity_provider` restriction ignored when used with `allow_all` in JupyterHub 5.0
High
CVE-2024-37300
was published
for
oauthenticator
(pip)
Jun 12, 2024
Apache Submarine Server Core Incorrect Authorization vulnerability
Critical
CVE-2024-36265
was published
for
apache-submarine
(Maven)
Jun 12, 2024
Apache Superset Incorrect Authorization vulnerability
Moderate
CVE-2024-28148
was published
for
apache-superset
(pip)
May 7, 2024
vantage6's CORS settings overly permissive
Moderate
CVE-2024-23823
was published
for
vantage6
(pip)
Mar 15, 2024
Apache Superset: Improper authorization validation on dashboards and charts import
Moderate
CVE-2024-26016
was published
for
apache-superset
(pip)
Feb 28, 2024
Apache Superset: Improper data authorization when creating a new dataset
Moderate
CVE-2024-24779
was published
for
apache-superset
(pip)
Feb 28, 2024
Apache Superset: Improper validation of SQL statements allows for unauthorized access to data
Moderate
CVE-2024-24773
was published
for
apache-superset
(pip)
Feb 28, 2024
changedetection.io API endpoint is not secured with API token
Low
CVE-2024-23329
was published
for
changedetection.io
(pip)
Jan 23, 2024
Nautobot missing object-level permissions enforcement when running Job Buttons
Low
CVE-2023-51649
was published
for
nautobot
(pip)
Dec 22, 2023
Apache Superset incorrect write permissions vulnerability
High
CVE-2023-49734
was published
for
apache-superset
(pip)
Dec 19, 2023
Apache Superset - Elevation of Privilege
High
CVE-2023-40610
was published
for
apache-superset
(pip)
Nov 28, 2023
Duplicate Advisory: Apache Superset - Elevation of Privilege
Moderate
GHSA-392c-vjfv-h7wr
was published
for
apache-superset
(pip)
Nov 27, 2023
•
withdrawn
Apache Airflow allows authenticated and DAG-view authorized users to modify some DAG run detail values when submitting notes
Moderate
CVE-2023-47037
was published
for
apache-airflow
(pip)
Nov 12, 2023
Fides Information Disclosure Vulnerability in Config API Endpoint
Moderate
CVE-2023-46125
was published
for
ethyca-fides
(pip)
Oct 24, 2023
Defining resource name as integer may give unintended access in vantage6
Moderate
CVE-2023-28635
was published
for
vantage6
(pip)
Oct 13, 2023
Apache Airflow Incorrect Authorization vulnerability
Moderate
CVE-2023-40611
was published
for
apache-airflow
(pip)
Sep 12, 2023
Apache Superset has incorrect authorization check
Moderate
CVE-2023-32672
was published
for
apache-superset
(pip)
Sep 6, 2023
Apache Superset vulnerable to improper data authorization
Moderate
CVE-2023-27523
was published
for
apache-superset
(pip)
Sep 6, 2023
Apache Superset has improper default REST API permission for Gamma users
Moderate
CVE-2023-36387
was published
for
apache-superset
(pip)
Sep 6, 2023
Apache Superset users may incorrectly create resources using the import charts feature
Moderate
CVE-2023-27526
was published
for
apache-superset
(pip)
Sep 6, 2023
Vyper has incorrectly allocated named re-entrancy locks
Critical
CVE-2023-39363
was published
for
vyper
(pip)
Aug 9, 2023
Apache Airflow Incorrect Authorization vulnerability
High
CVE-2023-35908
was published
for
apache-airflow
(pip)
Jul 12, 2023
ProTip!
Advisories are also available from the
GraphQL API