Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,189
Erlang
31
GitHub Actions
19
Go
1,985
Maven
5,000+
npm
3,701
NuGet
657
pip
3,326
Pub
11
RubyGems
882
Rust
836
Swift
35
Unreviewed advisories
All unreviewed
5,000+

23 advisories

Loading
Improper Input Validation in sopel-plugins.channelmgnt High
CVE-2021-21431 was published for sopel-plugins.channelmgnt (pip) Apr 9, 2021
slixmpp Incorrect Access Control High
CVE-2019-1000021 was published for slixmpp (pip) May 13, 2022
Salt Improper Access Control High
CVE-2016-1866 was published for salt (pip) May 14, 2022
Plone unauthorized member addition vulnerability High
CVE-2015-7315 was published for Plone (pip) May 17, 2022
Plone Unauthorized Access Vulnerability High
CVE-2017-1000483 was published for Plone (pip) May 13, 2022
Plone Unrestricted Filed Manipulation vulnerability via content edit forms High
CVE-2013-4193 was published for plone (pip) May 17, 2022
Plone Improper Access Control Vulnerability High
CVE-2013-4197 was published for plone (pip) May 17, 2022
Improper Access Control in pyftpdlib High
CVE-2009-5012 was published for pyftpdlib (pip) May 2, 2022
Arbitrary code using "crafted image file" approach affecting Pillow High
CVE-2016-9190 was published for Pillow (pip) Jul 12, 2018
OctoPrint Incorrect Access Control High
CVE-2021-32560 was published for octoprint (pip) May 24, 2022
MoinMoin Improper Access Control vulnerability High
CVE-2009-4762 was published for moin (pip) May 2, 2022
Mercurial vulnerable to arbitrary code execution when converting Git repos High
CVE-2016-3105 was published for mercurial (pip) May 17, 2022
OpenStack Keystone Allows Remote User Account Creation High
CVE-2012-3542 was published for keystone (pip) May 17, 2022
Improper Access Control in novajoin High
CVE-2019-10138 was published for novajoin (pip) Mar 12, 2020
Flask-CORS allows the `Access-Control-Allow-Private-Network` CORS header to be set to true by default High
CVE-2024-6221 was published for Flask-Cors (pip) Aug 18, 2024
adrianosela Alex-ley-scrub
icarocd
Borg Improper Access Control vulnerability High
CVE-2017-15914 was published for borgbackup (pip) May 13, 2022
Authlib has algorithm confusion with asymmetric public keys High
CVE-2024-37568 was published for authlib (pip) Jun 9, 2024
Zope does not properly verify the access for objects with proxy roles High
CVE-2002-0170 was published for zope (pip) Apr 30, 2022
pyload Unauthenticated Flask Configuration Leakage vulnerability High
CVE-2024-21644 was published for pyload-ng (pip) Jan 8, 2024
PinkDraconian
Privilege escalation via ApiTokensEndpoint High
CVE-2023-39349 was published for sentry (pip) Aug 8, 2023
LTiDi2000
Zope does not properly restrict access to the getRoles method High
CVE-2000-0725 was published for zope (pip) Apr 30, 2022
Bots using py-cord as Discord API wrapper are vulnerable to shutdowns through remote code execution High
CVE-2022-36024 was published for py-cord (pip) Aug 18, 2022
NeloBlivion BobDotCom
Improper Access Control in MySQL Connector Python High
CVE-2019-2435 was published for mysql-connector-python (pip) May 13, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database