
GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

27 advisories

litellm vulnerable to improper access control in team management Moderate
CVE-2024-5710 was published for litellm (pip) Jun 27, 2024
krrishdholakia byt3bl33d3r
MLflow allows low privilege users to delete any artifact Moderate
CVE-2024-4263 was published for mlflow (pip) May 16, 2024
ZenML Server Remote Privilege Escalation Vulnerability Moderate
CVE-2024-25723 was published for zenml (pip) Feb 27, 2024
hahwul
vantage6 has insecure SSH configuration for node and server containers Moderate
CVE-2024-21653 was published for vantage6 (pip) Jan 30, 2024
Apache Airflow Improper Access Control vulnerability Moderate
CVE-2023-50783 was published for apache-airflow (pip) Dec 21, 2023
Improper Access Control in vantage6 Moderate
CVE-2023-41882 was published for vantage6 (pip) Oct 13, 2023
cross-site inclusion (XSSI) of files in jupyter-server Moderate
CVE-2023-40170 was published for jupyter-server (pip) Aug 29, 2023
Apache Superset has Improper Access Control Moderate
CVE-2022-45438 was published for apache-superset (pip) Jan 16, 2023
Sentry vulnerable to invite code reuse via cookie manipulation Moderate
CVE-2022-23485 was published for sentry (pip) Dec 12, 2022
tdunlap607
GNU Mailman Postorius Access Control Issues Moderate
CVE-2021-40347 was published for postorius (pip) May 24, 2022
OctoPrint Incorrect Access Control Moderate
CVE-2021-32560 was published for octoprint (pip) May 24, 2022
Openstack Octavia Access Control Vulnerability Moderate
CVE-2019-3895 was published for octavia (pip) May 24, 2022
MoinMoin Improper Access Control Moderate
CVE-2012-4404 was published for moin (pip) May 17, 2022
Plone Unrestricted Filed Manipulation vulnerability via content edit forms Moderate
CVE-2013-4193 was published for plone (pip) May 17, 2022
Plone Privilege escalation through exposed underlying API Moderate
CVE-2013-7061 was published for Plone (pip) May 17, 2022
OpenStack Image Service (Glance) vulnerable to Improper Access Control Moderate
CVE-2016-0757 was published for glance (pip) May 17, 2022
Django Access Restrictions Bypass Moderate
CVE-2016-2048 was published for django (pip) May 17, 2022
MarkLee131
OpenStack Identity Keystone Improper Access Control Moderate
CVE-2016-4911 was published for keystone (pip) May 17, 2022
MoinMoin Access Restrictions Bypassed due to improper ACL enforcement Moderate
CVE-2008-6603 was published for moin (pip) May 17, 2022
OpenStack Compute (Nova) Improper Access Control Moderate
CVE-2015-2687 was published for nova (pip) May 17, 2022
Plone unauthorized member addition vulnerability Moderate
CVE-2015-7315 was published for Products.CMFPlone (pip) May 17, 2022
Plone Unauthorized Access Vulnerability Moderate
CVE-2017-1000483 was published for plone (pip) May 13, 2022
MoinMoin vulnerable to privilege escalation Moderate
CVE-2008-1937 was published for moin (pip) May 1, 2022
Roundup xml-rpc server improper check of property permissions Moderate
CVE-2008-1475 was published for roundup (pip) May 1, 2022
anonymous4ACL24
Zope allows attackers to modify raw image and file data Moderate
CVE-2000-1212 was published for zope (pip) Apr 30, 2022