Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,231
Erlang
31
GitHub Actions
20
Go
1,991
Maven
5,000+
npm
3,709
NuGet
661
pip
3,341
Pub
11
RubyGems
884
Rust
846
Swift
36
Unreviewed advisories
All unreviewed
5,000+

6 advisories

Loading
2FA bypass through deleting devices in wagtail-2fa High
CVE-2020-5240 was published for wagtail-2fa (pip) Mar 13, 2020
Dynamic modification of RPyC service due to missing security check High
CVE-2019-16328 was published for rpyc (pip) Feb 17, 2021
comrumino
GoogleOAuthenticator.hosted_domain incorrectly verifies membership of an Google organization/workspace High
CVE-2024-29033 was published for oauthenticator (pip) Mar 20, 2024
manics consideRatio
betatim
Apache Airflow may allow authenticated users who have been deactivated to continue using the UI or API High
CVE-2022-41672 was published for apache-airflow (pip) Oct 7, 2022
sunSUNQ
Gradios's CORS origin validation is not performed when the request has a cookie High
CVE-2024-47084 was published for gradio (pip) Oct 10, 2024
ahpaleus Vasco-jofra
Improper authorization on debug and artifact file downloads High
CVE-2023-36826 was published for sentry (pip) Jul 25, 2023
Swatinem
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database