GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
70 advisories
cobbler allows anyone to connect to cobbler XML-RPC server with known password and make changes
Critical | CVE-2024-47533 was published for cobbler (pip) | Nov 18, 2024
Apache Submarine Commons Utils has a hard-coded secret
Moderate | CVE-2024-36264 was published for apache-submarine (Maven) | Jun 12, 2024
jupyter-scheduler's endpoint is missing authentication
Moderate | CVE-2024-28188 was published for jupyter-scheduler (pip) | May 23, 2024
Flask-AppBuilder vulnerable to incorrect authentication when using auth type OpenID
Critical | CVE-2024-25128 was published for Flask-AppBuilder (pip) | Feb 28, 2024
OctoPrint Unverified Password Change via Access Control Settings
Moderate | CVE-2024-23637 was published for OctoPrint (pip) | Jan 31, 2024
CrateDB authentication bypass vulnerability
High | CVE-2023-51982 was published for crate (Maven) | Jan 30, 2024
asyncua Improper Authentication vulnerability
High | CVE-2023-26150 was published for asyncua (pip) | Oct 3, 2023
Sentry vulnerable to incorrect credential validation on OAuth token requests
Moderate | CVE-2023-39531 was published for sentry (pip) | Aug 9, 2023
Synapse has improper checks for deactivated users during login
Moderate | CVE-2023-32682 was published for matrix-synapse (pip) | Jun 6, 2023
Apache IoTDB Grafana Connector vulnerable to Improper Authentication
Critical | CVE-2023-24831 was published for apache-iotdb (Maven) | Apr 17, 2023
rdiffweb vulnerable to Authentication Bypass by Primary Weakness
High | CVE-2022-4722 was published for rdiffweb (pip) | Dec 27, 2022
CKAN contains Improper Authentication leading to account takeover
High | CVE-2022-43685 was published for ckan (pip) | Nov 22, 2022
Lin CMS vulnerable to Improper Authentication
Moderate | CVE-2022-44244 was published for Lin-CMS (Maven) | Nov 10, 2022
Shinken Solutions Shinken Monitoring vulnerable to Incorrect Access Control
Critical | CVE-2022-37298 was published for Shinken (pip) | Oct 20, 2022
When matrix-nio receives forwarded room keys, the receiver doesn't check if it requested the key from the forwarder
High | CVE-2022-39254 was published for matrix-nio (pip) | Sep 30, 2022
VNCAuthProxy authentication bypass vulnerability
Critical | CVE-2022-36436 was published for vncauthproxy (pip) | Sep 16, 2022
Indy's NODE_UPGRADE transaction vulnerable to remote code execution
High | CVE-2022-31020 was published for indy-node (pip) | Sep 2, 2022
furlongm openvpn-monitor allows Authorization Bypass to disconnect arbitrary clients
High | CVE-2021-31606 was published for openvpn-monitor (pip) | May 24, 2022
Improper Authentication in SaltStack Salt
High | CVE-2021-22004 was published for salt (pip) | May 24, 2022
Saltstack Salt Unauthenticated Arbitrary Code Execution
High | CVE-2021-25315 was published for salt (pip) | May 24, 2022
SaltStack Salt Improper Authentication vulnerability
Critical | CVE-2021-25281 was published for salt (pip) | May 24, 2022
Ansible password prompts could expose passwords
High | CVE-2019-14856 was published for ansible (pip) | May 24, 2022
ProTip! Advisories are also available from the GraphQL API