GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,224
Erlang
31
GitHub Actions
19
Go
1,990
Maven
5,000+
npm
3,706
NuGet
661
pip
3,336
Pub
11
RubyGems
884
Rust
845
Swift
36
Unreviewed advisories
All unreviewed
5,000+
27 advisories
Filter by severity
ZenML Server Remote Privilege Escalation Vulnerability
High
CVE-2024-25723
was published
for
zenml
(pip)
Feb 27, 2024
Incorrect Authorization in calibreweb
High
CVE-2022-0273
was published
for
calibreweb
(pip)
Jan 31, 2022
Improper Access Control in Apache Airflow
High
CVE-2021-26559
was published
for
apache-airflow
(pip)
Apr 7, 2021
Improper Input Validation in sopel-plugins.channelmgnt
High
CVE-2021-21431
was published
for
sopel-plugins.channelmgnt
(pip)
Apr 9, 2021
Plone unauthorized member addition vulnerability
High
CVE-2015-7315
was published
for
Plone
(pip)
May 17, 2022
Plone Unauthorized Access Vulnerability
High
CVE-2017-1000483
was published
for
Plone
(pip)
May 13, 2022
Plone Unrestricted Filed Manipulation vulnerability via content edit forms
High
CVE-2013-4193
was published
for
plone
(pip)
May 17, 2022
Plone Improper Access Control Vulnerability
High
CVE-2013-4197
was published
for
plone
(pip)
May 17, 2022
Improper Access Control in pyftpdlib
High
CVE-2009-5012
was published
for
pyftpdlib
(pip)
May 2, 2022
Arbitrary code using "crafted image file" approach affecting Pillow
High
CVE-2016-9190
was published
for
Pillow
(pip)
Jul 12, 2018
OctoPrint Incorrect Access Control
High
CVE-2021-32560
was published
for
octoprint
(pip)
May 24, 2022
MoinMoin Improper Access Control vulnerability
High
CVE-2009-4762
was published
for
moin
(pip)
May 2, 2022
Mercurial vulnerable to arbitrary code execution when converting Git repos
High
CVE-2016-3105
was published
for
mercurial
(pip)
May 17, 2022
OpenStack Keystone Allows Remote User Account Creation
High
CVE-2012-3542
was published
for
keystone
(pip)
May 17, 2022
Improper Access Control in novajoin
High
CVE-2019-10138
was published
for
novajoin
(pip)
Mar 12, 2020
Flask-CORS allows the `Access-Control-Allow-Private-Network` CORS header to be set to true by default
High
CVE-2024-6221
was published
for
Flask-Cors
(pip)
Aug 18, 2024
Borg Improper Access Control vulnerability
High
CVE-2017-15914
was published
for
borgbackup
(pip)
May 13, 2022
Authlib has algorithm confusion with asymmetric public keys
High
CVE-2024-37568
was published
for
authlib
(pip)
Jun 9, 2024
Zope does not properly verify the access for objects with proxy roles
High
CVE-2002-0170
was published
for
zope
(pip)
Apr 30, 2022
pyload Unauthenticated Flask Configuration Leakage vulnerability
High
CVE-2024-21644
was published
for
pyload-ng
(pip)
Jan 8, 2024
Privilege escalation via ApiTokensEndpoint
High
CVE-2023-39349
was published
for
sentry
(pip)
Aug 8, 2023
Zope does not properly restrict access to the getRoles method
High
CVE-2000-0725
was published
for
zope
(pip)
Apr 30, 2022
ProTip!
Advisories are also available from the
GraphQL API