GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,224
Erlang
31
GitHub Actions
19
Go
1,990
Maven
5,000+
npm
3,706
NuGet
661
pip
3,336
Pub
11
RubyGems
884
Rust
845
Swift
36
Unreviewed advisories
All unreviewed
5,000+
25 advisories
Filter by severity
Moderate severity vulnerability that affects Products.PlonePAS
Moderate
CVE-2009-0662
was published
for
Products.PlonePAS
(pip)
Jul 23, 2018
Session key exposure through session list in Django User Sessions
Moderate
CVE-2020-5224
was published
for
django-user-sessions
(pip)
Jan 24, 2020
Improper Authentication in Apache Airflow
Moderate
CVE-2021-26697
was published
for
apache-airflow
(pip)
Jun 18, 2021
Improper Access Control in Onionshare
Moderate
CVE-2022-21695
was published
for
onionshare-cli
(pip)
Jan 21, 2022
Improper Access Control in Onionshare
Moderate
CVE-2022-21692
was published
for
onionshare-cli
(pip)
Jan 21, 2022
Improper Authentication in pyftpdlib
Moderate
CVE-2007-6737
was published
for
pyftpdlib
(pip)
May 1, 2022
Zope DocumentTemplate package allows unauthenticated write
Moderate
CVE-2000-0483
was published
for
zope
(pip)
May 3, 2022
Trytond allows modification of privileges of arbitrary users
Moderate
CVE-2012-0215
was published
for
trytond
(pip)
May 4, 2022
OpenStack Keystone allows context-dependent attackers to bypass access restrictions
Moderate
CVE-2013-0282
was published
for
Keystone
(pip)
May 5, 2022
OpenStack Keystone Token authorization for a user in a disabled tenant is allowed
Moderate
CVE-2012-4457
was published
for
Keystone
(pip)
May 14, 2022
Django Middleware Enables Session Hijacking
Moderate
CVE-2014-0482
was published
for
Django
(pip)
May 14, 2022
OpenStack Identity (Keystone) improper revoking of the authentication token when deleting a user
Moderate
CVE-2013-2059
was published
for
keystone
(pip)
May 17, 2022
Chameleon in Plone allows Authentication Bypass
Moderate
CVE-2016-4043
was published
for
Plone
(pip)
May 17, 2022
Salt Insecure configuration of PAM external authentication service
Moderate
CVE-2016-3176
was published
for
salt
(pip)
May 17, 2022
OpenStack Neutron Improper Authentication vulnerability
Moderate
CVE-2014-0056
was published
for
neutron
(pip)
May 17, 2022
OpenStack Keystone Improper Authentication vulnerability
Moderate
CVE-2013-1865
was published
for
keystone
(pip)
May 17, 2022
Improper Authentication in pyftpdlib
Moderate
CVE-2008-7263
was published
for
pyftpdlib
(pip)
May 17, 2022
Ansible password prompts could expose passwords
Moderate
CVE-2019-14856
was published
for
ansible
(pip)
May 24, 2022
Indy's NODE_UPGRADE transaction vulnerable to remote code execution
Moderate
CVE-2022-31020
was published
for
indy-node
(pip)
Sep 2, 2022
Lin CMS vulnerable to Improper Authentication
Moderate
CVE-2022-44244
was published
for
Lin-CMS
(Maven)
Nov 10, 2022
Synapse has improper checks for deactivated users during login
Moderate
CVE-2023-32682
was published
for
matrix-synapse
(pip)
Jun 6, 2023
Sentry vulnerable to incorrect credential validation on OAuth token requests
Moderate
CVE-2023-39531
was published
for
sentry
(pip)
Aug 9, 2023
OctoPrint Unverified Password Change via Access Control Settings
Moderate
CVE-2024-23637
was published
for
OctoPrint
(pip)
Jan 31, 2024
jupyter-scheduler's endpoint is missing authentication
Moderate
CVE-2024-28188
was published
for
jupyter-scheduler
(pip)
May 23, 2024
Apache Submarine Commons Utils has a hard-coded secret
Moderate
CVE-2024-36264
was published
for
apache-submarine
(Maven)
Jun 12, 2024
ProTip!
Advisories are also available from the
GraphQL API