Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

20 advisories

Loading
Invalid root may become trusted root in The Update Framework (TUF) High
CVE-2020-15163 was published for tuf (pip) Sep 9, 2020
FlorianVeaux
Barbican authorization flaw before v14.0.0 High
CVE-2022-23451 was published for barbican (pip) Sep 7, 2022
Apache Superset incorrect write permissions vulnerability High
CVE-2023-49734 was published for apache-superset (pip) Dec 19, 2023
Apache Superset - Elevation of Privilege High
CVE-2023-40610 was published for apache-superset (pip) Nov 28, 2023
Duplicate Advisory: Unauthorized privilege escalation in Mod module High
GHSA-q886-75m2-vff8 was published for red-discordbot (pip) May 24, 2022 withdrawn
trytond Incorrect Authorization vulnerability High
CVE-2012-2238 was published for trytond (pip) Apr 23, 2022
OpenStack Identity service (keystone) Incorrect Authorization High
CVE-2017-2673 was published for keystone (pip) May 13, 2022
Globus `identity_provider` restriction ignored when used with `allow_all` in JupyterHub 5.0 High
CVE-2024-37300 was published for oauthenticator (pip) Jun 12, 2024
minrk yuvipanda
manics
Cobbler before 3.3.0 allows authorization bypass for modification of settings. High
CVE-2021-40325 was published for cobbler (pip) Oct 5, 2021
Possible pod name collisions in jupyterhub-kubespawner High
CVE-2020-15110 was published for jupyterhub-kubespawner (pip) Jul 22, 2020
OpenStack Keystone Insufficient token expiration High
CVE-2012-5563 was published for keystone (pip) May 17, 2022
Arbitrary file overwrite in OpenStack Nova High
CVE-2012-3447 was published for nova (pip) May 17, 2022
Base class whitelist configuration ignored in OAuthenticator High
CVE-2020-26250 was published for oauthenticator (pip) Dec 1, 2020
OpenStack Neutron vulnerable to hardware address impersonation High
CVE-2021-38598 was published for neutron (pip) May 24, 2022
Paramiko Authentication Bypass vulnerability High
CVE-2018-1000805 was published for paramiko (pip) Oct 10, 2018
Plone and Zope2 vulnerable to unauthorized access to restricted attributes High
CVE-2012-5489 was published for Plone (pip) Jul 23, 2018
Salt's PAM auth fails to reject locked accounts High
CVE-2022-22967 was published for salt (pip) Jun 25, 2022
Incorrect Authorization in calibreweb High
CVE-2022-0273 was published for calibreweb (pip) Jan 31, 2022
Apache Airflow Incorrect Authorization vulnerability High
CVE-2023-35908 was published for apache-airflow (pip) Jul 12, 2023
sunSUNQ
ProTip! Advisories are also available from the GraphQL API