GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
52 advisories
Paramiko Authentication Bypass vulnerability
High • CVE-2018-1000805 was published for paramiko (pip) • Oct 10, 2018

Possible pod name collisions in jupyterhub-kubespawner
High • CVE-2020-15110 was published for jupyterhub-kubespawner (pip) • Jul 22, 2020

Authorization Bypass in I hate money
Moderate • CVE-2020-15120 was published for ihatemoney (pip) • Jul 27, 2020

Invalid root may become trusted root in The Update Framework (TUF)
High • CVE-2020-15163 was published for tuf (pip) • Sep 9, 2020

Privilege Escalation in Channelmgnt plug-in for Sopel
High • CVE-2020-15251 was published for sopel_plugins.channelmgnt (pip) • Oct 13, 2020

Base class whitelist configuration ignored in OAuthenticator
High • CVE-2020-26250 was published for oauthenticator (pip) • Dec 1, 2020

Improper Authorization and Origin Validation Error in OneFuzz
Critical • CVE-2021-37705 was published for onefuzz (pip) • Aug 13, 2021

Cobbler before 3.3.0 allows authorization bypass for modification of settings.
High • CVE-2021-40325 was published for cobbler (pip) • Oct 5, 2021

Permissions not properly checked in Invenio-Drafts-Resources
Moderate • CVE-2021-43781 was published for invenio-app-rdm (pip) • Dec 6, 2021

Incorrect Authorization in calibreweb
Moderate • CVE-2022-0273 was published for calibreweb (pip) • Jan 31, 2022

Incorrect Authorization and Exposure of Sensitive Information to an Unauthorized Actor in scrapy
Moderate • CVE-2022-0577 was published for scrapy (pip) • Mar 1, 2022

Duplicate Advisory: Incorrect Authorization in Gerapy
Critical • CVE-2021-44597 was published for gerapy (pip) • Mar 11, 2022 • withdrawn

trytond Incorrect Authorization vulnerability
High • CVE-2012-2238 was published for trytond (pip) • Apr 23, 2022

OpenStack Identity service (keystone) Incorrect Authorization
High • CVE-2017-2673 was published for keystone (pip) • May 13, 2022

OpenStack Keystone Insufficient token expiration
High • CVE-2012-5563 was published for keystone (pip) • May 17, 2022

OpenStack Keystone V3 /credentials endpoint policy logic allows to change credentials owner or target project ID
High • CVE-2020-12691 was published for keystone (pip) • May 24, 2022

Duplicate Advisory: Unauthorized privilege escalation in Mod module
High • GHSA-q886-75m2-vff8 was published for red-discordbot (pip) • May 24, 2022 • withdrawn

OpenStack Neutron vulnerable to hardware address impersonation
Critical • CVE-2021-38598 was published for neutron (pip) • May 24, 2022

Access control issue in AlekSIS-Core
Moderate • CVE-2022-29773 was published for aleksis-core (pip) • Jun 4, 2022

Salt's PAM auth fails to reject locked accounts
High • CVE-2022-22967 was published for salt (pip) • Jun 25, 2022

OpenZeppelin Contracts for Cairo account cannot process transactions on Goerli
Moderate • CVE-2022-31153 was published for openzeppelin-cairo-contracts (pip) • Jul 15, 2022

Openstack Keystone Incorrect Authorization vulnerability
Critical • CVE-2021-3563 was published for keystone (pip) • Aug 27, 2022

openstack-barbican Denial of Service vulnerability
Moderate • CVE-2022-23452 was published for barbican (pip) • Sep 2, 2022

Barbican authorization flaw before v14.0.0
High • CVE-2022-23451 was published for barbican (pip) • Sep 7, 2022