Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

23 advisories

Loading
Potential bypass of an upstream access control based on URL paths in Django Moderate
CVE-2021-44420 was published for Django (pip) Dec 9, 2021
Improper Authentication in pyftpdlib Moderate
CVE-2008-7263 was published for pyftpdlib (pip) May 17, 2022
Salt Insecure configuration of PAM external authentication service Moderate
CVE-2016-3176 was published for salt (pip) May 17, 2022
Improper Authentication in pyftpdlib Moderate
CVE-2007-6737 was published for pyftpdlib (pip) May 1, 2022
Chameleon in Plone allows Authentication Bypass Moderate
CVE-2016-4043 was published for Plone (pip) May 17, 2022
Apache Submarine Commons Utils has a hard-coded secret Moderate
CVE-2024-36264 was published for apache-submarine (Maven) Jun 12, 2024
Improper Access Control in Onionshare Moderate
CVE-2022-21695 was published for onionshare-cli (pip) Jan 21, 2022
Improper Access Control in Onionshare Moderate
CVE-2022-21692 was published for onionshare-cli (pip) Jan 21, 2022
Synapse has improper checks for deactivated users during login Moderate
CVE-2023-32682 was published for matrix-synapse (pip) Jun 6, 2023
Django Middleware Enables Session Hijacking Moderate
CVE-2014-0482 was published for Django (pip) May 14, 2022
Session key exposure through session list in Django User Sessions Moderate
CVE-2020-5224 was published for django-user-sessions (pip) Jan 24, 2020
Improper Authentication in Apache Airflow Moderate
CVE-2021-26697 was published for apache-airflow (pip) Jun 18, 2021
sunSUNQ
jupyter-scheduler's endpoint is missing authentication Moderate
CVE-2024-28188 was published for jupyter-scheduler (pip) May 23, 2024
krassowski Carreau
andrii-i dlqqq yuvipanda
OpenStack Identity (Keystone) improper revoking of the authentication token when deleting a user Moderate
CVE-2013-2059 was published for keystone (pip) May 17, 2022
OpenStack Keystone allows context-dependent attackers to bypass access restrictions Moderate
CVE-2013-0282 was published for Keystone (pip) May 5, 2022
OctoPrint Unverified Password Change via Access Control Settings Moderate
CVE-2024-23637 was published for OctoPrint (pip) Jan 31, 2024
tkruppert
OpenStack Keystone Token authorization for a user in a disabled tenant is allowed Moderate
CVE-2012-4457 was published for Keystone (pip) May 14, 2022
Sentry vulnerable to incorrect credential validation on OAuth token requests Moderate
CVE-2023-39531 was published for sentry (pip) Aug 9, 2023
EricHasegawa
Zope DocumentTemplate package allows unauthenticated write Moderate
CVE-2000-0483 was published for zope (pip) May 3, 2022
Lin CMS vulnerable to Improper Authentication Moderate
CVE-2022-44244 was published for Lin-CMS (Maven) Nov 10, 2022
aruneko richardfan0606
OpenStack Keystone Improper Authentication vulnerability Moderate
CVE-2013-1865 was published for keystone (pip) May 17, 2022
OpenStack Neutron Improper Authentication vulnerability Moderate
CVE-2014-0056 was published for neutron (pip) May 17, 2022
Moderate severity vulnerability that affects Products.PlonePAS Moderate
CVE-2009-0662 was published for Products.PlonePAS (pip) Jul 23, 2018
ProTip! Advisories are also available from the GraphQL API