Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

50 advisories

Loading
Arbitrary code using "crafted image file" approach affecting Pillow High
CVE-2016-9190 was published for Pillow (pip) Jul 12, 2018
Improper Access Control in novajoin High
CVE-2019-10138 was published for novajoin (pip) Mar 12, 2020
Improper Access Control in Apache Airflow Moderate
CVE-2021-26559 was published for apache-airflow (pip) Apr 7, 2021
sunSUNQ
Improper Input Validation in sopel-plugins.channelmgnt High
CVE-2021-21431 was published for sopel-plugins.channelmgnt (pip) Apr 9, 2021
Improper Access Control in jupyterhub-firstuseauthenticator Critical
CVE-2021-41194 was published for jupyterhub-firstuseauthenticator (pip) Oct 28, 2021
georgejhunt
Incorrect Authorization in calibreweb Moderate
CVE-2022-0273 was published for calibreweb (pip) Jan 31, 2022
Zope does not properly restrict access to the getRoles method High
CVE-2000-0725 was published for zope (pip) Apr 30, 2022
Zope allows attackers to modify raw image and file data Moderate
CVE-2000-1212 was published for zope (pip) Apr 30, 2022
Zope does not properly verify the access for objects with proxy roles High
CVE-2002-0170 was published for zope (pip) Apr 30, 2022
Roundup xml-rpc server improper check of property permissions Moderate
CVE-2008-1475 was published for roundup (pip) May 1, 2022
anonymous4ACL24
MoinMoin vulnerable to privilege escalation Moderate
CVE-2008-1937 was published for moin (pip) May 1, 2022
MoinMoin Improper Access Control vulnerability High
CVE-2009-4762 was published for moin (pip) May 2, 2022
Improper Access Control in pyftpdlib High
CVE-2009-5012 was published for pyftpdlib (pip) May 2, 2022
Improper Access Control in MySQL Connector Python High
CVE-2019-2435 was published for mysql-connector-python (pip) May 13, 2022
Plone Unauthorized Access Vulnerability Moderate
CVE-2017-1000483 was published for plone (pip) May 13, 2022
Borg Improper Access Control vulnerability High
CVE-2017-15914 was published for borgbackup (pip) May 13, 2022
Salt Improper Access Control High
CVE-2016-1866 was published for salt (pip) May 14, 2022
Plone unauthorized member addition vulnerability Moderate
CVE-2015-7315 was published for Products.CMFPlone (pip) May 17, 2022
OpenStack Compute (Nova) Improper Access Control Moderate
CVE-2015-2687 was published for nova (pip) May 17, 2022
MoinMoin Access Restrictions Bypassed due to improper ACL enforcement Moderate
CVE-2008-6603 was published for moin (pip) May 17, 2022
Mercurial vulnerable to arbitrary code execution when converting Git repos High
CVE-2016-3105 was published for mercurial (pip) May 17, 2022
Salt allows deleted minions to read or write to minions with the same id Critical
CVE-2016-9639 was published for salt (pip) May 17, 2022
OpenStack Identity Keystone Improper Access Control Moderate
CVE-2016-4911 was published for keystone (pip) May 17, 2022
Django Access Restrictions Bypass Moderate
CVE-2016-2048 was published for django (pip) May 17, 2022
MarkLee131
OpenStack Image Service (Glance) vulnerable to Improper Access Control Moderate
CVE-2016-0757 was published for glance (pip) May 17, 2022
ProTip! Advisories are also available from the GraphQL API