GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,224
Erlang
31
GitHub Actions
19
Go
1,990
Maven
5,000+
npm
3,706
NuGet
661
pip
3,336
Pub
11
RubyGems
884
Rust
845
Swift
36
Unreviewed advisories
All unreviewed
5,000+
69 advisories
Filter by severity
Paramiko not properly checking authentication before processing other requests
Critical
CVE-2018-7750
was published
for
paramiko
(pip)
Jul 12, 2018
pysaml2 Improper Authentication vulnerability
Critical
CVE-2017-1000433
was published
for
pysaml2
(pip)
Jul 13, 2018
Moderate severity vulnerability that affects Products.PlonePAS
Moderate
CVE-2009-0662
was published
for
Products.PlonePAS
(pip)
Jul 23, 2018
Improper Authentication in Buildbot
Critical
CVE-2019-12300
was published
for
buildbot
(pip)
May 29, 2019
Python-saml allows manipulation of SAML data without invalidation of cryptographic signature
High
CVE-2017-11427
was published
for
python-saml
(pip)
Jul 5, 2019
Session key exposure through session list in Django User Sessions
Moderate
CVE-2020-5224
was published
for
django-user-sessions
(pip)
Jan 24, 2020
Improper Authentication in requests-kerberos
Critical
CVE-2014-8650
was published
for
requests-kerberos
(pip)
Mar 10, 2020
Django Rest Framework jwt allows obtaining new token from notionally invalidated token
Critical
CVE-2020-10594
was published
for
drf-jwt
(pip)
Jun 5, 2020
LDAP authentication bypass with empty password
Critical
CVE-2020-26214
was published
for
alerta-server
(pip)
Nov 6, 2020
botframework-connector vulnerable to Improper Authentication
High
GHSA-cqff-fx2x-p86v
was published
for
botframework-connector
(pip)
Mar 8, 2021
Logic error in authentication in proxy.py
High
CVE-2021-3116
was published
for
proxy.py
(pip)
Apr 7, 2021
Authentication bypass in Apache Airflow
Critical
CVE-2020-13927
was published
for
apache-airflow
(pip)
Apr 30, 2021
Improper Authentication in Apache Airflow
Moderate
CVE-2021-26697
was published
for
apache-airflow
(pip)
Jun 18, 2021
Improper Authentication in Flask-AppBuilder
High
CVE-2021-41265
was published
for
Flask-AppBuilder
(pip)
Dec 9, 2021
Potential bypass of an upstream access control based on URL paths in Django
High
CVE-2021-44420
was published
for
Django
(pip)
Dec 9, 2021
Improper Access Control in Onionshare
Moderate
CVE-2022-21695
was published
for
onionshare-cli
(pip)
Jan 21, 2022
Improper Access Control in Onionshare
Moderate
CVE-2022-21692
was published
for
onionshare-cli
(pip)
Jan 21, 2022
Improper Authentication in Apache Spark
Critical
CVE-2020-9480
was published
for
org.apache.spark:spark-parent_2.11
(Maven)
Feb 10, 2022
Improper Authentication in FreeTAKServer
High
CVE-2022-25508
was published
for
FreeTAKServer
(pip)
Mar 12, 2022
SaltStack Salt Improper Authentication via Man in the Middle Attack
Low
CVE-2022-22935
was published
for
salt
(pip)
Mar 30, 2022
Improper Authentication in django-mfa3
High
CVE-2022-24857
was published
for
django-mfa3
(pip)
Apr 22, 2022
Zope DTML implementation Improper Authentication
High
CVE-2000-0062
was published
for
zope
(pip)
Apr 30, 2022
Zope does not properly perform security registration for legacy names
High
CVE-2000-1211
was published
for
zope
(pip)
Apr 30, 2022
Improper Authentication in pyftpdlib
Moderate
CVE-2007-6737
was published
for
pyftpdlib
(pip)
May 1, 2022
Zope Object Database (ZODB) Authentication bypass in ZEO storage servers
High
CVE-2009-0669
was published
for
ZODB3
(pip)
May 2, 2022
ProTip!
Advisories are also available from the
GraphQL API