GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

67 advisories

python-kerberos vulnerable to KDC spoofing attacks Critical
CVE-2015-3206 was published for kerberos (pip) May 14, 2022
Apache Submarine Commons Utils has a hard-coded secret Moderate
CVE-2024-36264 was published for apache-submarine (Maven) Jun 12, 2024
Synapse has improper checks for deactivated users during login Moderate
CVE-2023-32682 was published for matrix-synapse (pip) Jun 6, 2023
Indy's NODE_UPGRADE transaction vulnerable to remote code execution Moderate
CVE-2022-31020 was published for indy-node (pip) Sep 2, 2022
shakreiner
Improper Authentication in FreeTAKServer High
CVE-2022-25508 was published for FreeTAKServer (pip) Mar 12, 2022
Flower OAuth authentication bypass High
CVE-2022-30034 was published for flower (pip) Jun 3, 2022
tprynn
Improper Authentication in Flask-AppBuilder High
CVE-2021-41265 was published for Flask-AppBuilder (pip) Dec 9, 2021
Django Rest Framework jwt allows obtaining new token from notionally invalidated token Critical
CVE-2020-10594 was published for drf-jwt (pip) Jun 5, 2020
Potential bypass of an upstream access control based on URL paths in Django High
CVE-2021-44420 was published for Django (pip) Dec 9, 2021
Django Middleware Enables Session Hijacking Moderate
CVE-2014-0482 was published for Django (pip) May 14, 2022
Session key exposure through session list in Django User Sessions Moderate
CVE-2020-5224 was published for django-user-sessions (pip) Jan 24, 2020
Improper Authentication in django-mfa3 High
CVE-2022-24857 was published for django-mfa3 (pip) Apr 22, 2022
stefanw
CrateDB authentication bypass vulnerability High
CVE-2023-51982 was published for crate (Maven) Jan 30, 2024
Tu0Laj1
Improper Authentication in Buildbot Critical
CVE-2019-12300 was published for buildbot (pip) May 29, 2019
botframework-connector vulnerable to Improper Authentication High
GHSA-cqff-fx2x-p86v was published for botframework-connector (pip) Mar 8, 2021
Improper Authentication in Apache Airflow Moderate
CVE-2021-26697 was published for apache-airflow (pip) Jun 18, 2021
sunSUNQ
Apache IoTDB Grafana Connector vulnerable to Improper Authentication Critical
CVE-2023-24831 was published for apache-iotdb (Maven) Apr 17, 2023
Authentication bypass in Apache Airflow Critical
CVE-2020-13927 was published for apache-airflow (pip) Apr 30, 2021
sunSUNQ
CKAN contains Improper Authentication leading to account takeover High
CVE-2022-43685 was published for ckan (pip) Nov 22, 2022
AsyncSSH SSH Server Authentication Bypass Critical
CVE-2018-7749 was published for AsyncSSH (pip) May 14, 2022
LDAP authentication bypass with empty password Critical
CVE-2020-26214 was published for alerta-server (pip) Nov 6, 2020
CasperGN
Ansible password prompts could expose passwords Moderate
CVE-2019-14856 was published for ansible (pip) May 24, 2022
VNCAuthProxy authentication bypass vulnerability Critical
CVE-2022-36436 was published for vncauthproxy (pip) Sep 16, 2022
Improper authentication in zenml Low
CVE-2024-2213 was published for zenml (pip) Jun 6, 2024
jupyter-scheduler's endpoint is missing authentication Moderate
CVE-2024-28188 was published for jupyter-scheduler (pip) May 23, 2024
krassowski Carreau
andrii-i dlqqq yuvipanda