GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
20 advisories
OpenStack Identity service (keystone) Incorrect Authorization
High | CVE-2017-2673 was published for keystone (pip) | May 13, 2022

OpenStack Compute Nova Unauthorised access to arbitrary VM using VNC token from deleted VM
High | CVE-2013-0335 was published for Nova (pip) | May 5, 2022

trytond Incorrect Authorization vulnerability
High | CVE-2012-2238 was published for trytond (pip) | Apr 23, 2022

Apache Airflow Incorrect Authorization vulnerability
High | CVE-2023-35908 was published for apache-airflow (pip) | Jul 12, 2023

Incorrect Authorization in calibreweb
High | CVE-2022-0273 was published for calibreweb (pip) | Jan 31, 2022

Salt's PAM auth fails to reject locked accounts
High | CVE-2022-22967 was published for salt (pip) | Jun 25, 2022

Plone and Zope2 vulnerable to unauthorized access to restricted attributes
High | CVE-2012-5489 was published for Plone (pip) | Jul 23, 2018

Paramiko Authentication Bypass vulnerability
High | CVE-2018-1000805 was published for paramiko (pip) | Oct 10, 2018

OpenStack Neutron vulnerable to hardware address impersonation
High | CVE-2021-38598 was published for neutron (pip) | May 24, 2022

Base class whitelist configuration ignored in OAuthenticator
High | CVE-2020-26250 was published for oauthenticator (pip) | Dec 1, 2020

Arbitrary file overwrite in OpenStack Nova
High | CVE-2012-3447 was published for nova (pip) | May 17, 2022

OpenStack Keystone Insufficient token expiration
High | CVE-2012-5563 was published for keystone (pip) | May 17, 2022

OpenStack Keystone V3 /credentials endpoint policy logic allows to change credentials owner or target project ID
High | CVE-2020-12691 was published for keystone (pip) | May 24, 2022

Possible pod name collisions in jupyterhub-kubespawner
High | CVE-2020-15110 was published for jupyterhub-kubespawner (pip) | Jul 22, 2020

Cobbler before 3.3.0 allows authorization bypass for modification of settings.
High | CVE-2021-40325 was published for cobbler (pip) | Oct 5, 2021

Globus `identity_provider` restriction ignored when used with `allow_all` in JupyterHub 5.0
High | CVE-2024-37300 was published for oauthenticator (pip) | Jun 12, 2024

Duplicate Advisory: Unauthorized privilege escalation in Mod module
High | GHSA-q886-75m2-vff8 was published for red-discordbot (pip) | May 24, 2022 | withdrawn

Apache Superset - Elevation of Privilege
High | CVE-2023-40610 was published for apache-superset (pip) | Nov 28, 2023

Apache Superset incorrect write permissions vulnerability
High | CVE-2023-49734 was published for apache-superset (pip) | Dec 19, 2023

Barbican authorization flaw before v14.0.0
High | CVE-2022-23451 was published for barbican (pip) | Sep 7, 2022
ProTip! Advisories are also available from the GraphQL API.