GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
50 advisories
Arbitrary code using "crafted image file" approach affecting Pillow
Severity: High. CVE-2016-9190 was published for Pillow (pip) on Jul 12, 2018.

Apache Superset has Improper Access Control
Severity: Moderate. CVE-2022-45438 was published for apache-superset (pip) on Jan 16, 2023.

Improper Access Control in MySQL Connector Python
Severity: High. CVE-2019-2435 was published for mysql-connector-python (pip) on May 13, 2022.

Bots using py-cord as Discord API wrapper are vulnerable to shutdowns through remote code execution
Severity: High. CVE-2022-36024 was published for py-cord (pip) on Aug 18, 2022.

Maltego incorrectly shares a MISP connection across users in a remote-transform use case
Severity: Critical. CVE-2020-12889 was published for MISP-maltego (pip) on May 24, 2022.

Improper Access Control in pyftpdlib
Severity: High. CVE-2009-5012 was published for pyftpdlib (pip) on May 2, 2022.

Improper Input Validation in sopel-plugins.channelmgnt
Severity: High. CVE-2021-21431 was published for sopel-plugins.channelmgnt (pip) on Apr 9, 2021.

Improper Access Control in novajoin
Severity: High. CVE-2019-10138 was published for novajoin (pip) on Mar 12, 2020.

rdiffweb Improper Access Control vulnerability
Severity: Critical. CVE-2022-4724 was published for rdiffweb (pip) on Dec 27, 2022.

OpenStack Image Service (Glance) vulnerable to Improper Access Control
Severity: Moderate. CVE-2016-0757 was published for glance (pip) on May 17, 2022.

Sentry vulnerable to invite code reuse via cookie manipulation
Severity: Moderate. CVE-2022-23485 was published for sentry (pip) on Dec 12, 2022.

Plone unauthorized member addition vulnerability
Severity: Moderate. CVE-2015-7315 was published for Products.CMFPlone (pip) on May 17, 2022.

Plone Unrestricted Filed Manipulation vulnerability via content edit forms
Severity: Moderate. CVE-2013-4193 was published for plone (pip) on May 17, 2022.

Plone Improper Access Control Vulnerability
Severity: High. CVE-2013-4197 was published for plone (pip) on May 17, 2022.

Plone Unauthorized Access Vulnerability
Severity: Moderate. CVE-2017-1000483 was published for plone (pip) on May 13, 2022.

Improper Access Control in jupyterhub-firstuseauthenticator
Severity: Critical. CVE-2021-41194 was published for jupyterhub-firstuseauthenticator (pip) on Oct 28, 2021.

Zope allows attackers to modify raw image and file data
Severity: Moderate. CVE-2000-1212 was published for zope (pip) on Apr 30, 2022.

Zope does not properly restrict access to the getRoles method
Severity: High. CVE-2000-0725 was published for zope (pip) on Apr 30, 2022.

Improper Access Control in vantage6
Severity: Moderate. CVE-2023-41882 was published for vantage6 (pip) on Oct 13, 2023.

Privilege escalation via ApiTokensEndpoint
Severity: High. CVE-2023-39349 was published for sentry (pip) on Aug 8, 2023.

cross-site inclusion (XSSI) of files in jupyter-server
Severity: Moderate. CVE-2023-40170 was published for jupyter-server (pip) on Aug 29, 2023.

OpenStack Keystone Allows Remote User Account Creation
Severity: High. CVE-2012-3542 was published for keystone (pip) on May 17, 2022.

Apache Airflow Improper Access Control vulnerability
Severity: Moderate. CVE-2023-50783 was published for apache-airflow (pip) on Dec 21, 2023.

pyload Unauthenticated Flask Configuration Leakage vulnerability
Severity: High. CVE-2024-21644 was published for pyload-ng (pip) on Jan 8, 2024.

ProTip! Advisories are also available from the GraphQL API.