GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
67 advisories
python-kerberos vulnerable to KDC spoofing attacks | Critical | CVE-2015-3206 was published for kerberos (pip) | May 14, 2022
Apache Submarine Commons Utils has a hard-coded secret | Moderate | CVE-2024-36264 was published for apache-submarine (Maven) | Jun 12, 2024
Synapse has improper checks for deactivated users during login | Moderate | CVE-2023-32682 was published for matrix-synapse (pip) | Jun 6, 2023
Indy's NODE_UPGRADE transaction vulnerable to remote code execution | Moderate | CVE-2022-31020 was published for indy-node (pip) | Sep 2, 2022
Improper Authentication in FreeTAKServer | High | CVE-2022-25508 was published for FreeTAKServer (pip) | Mar 12, 2022
Improper Authentication in Flask-AppBuilder | High | CVE-2021-41265 was published for Flask-AppBuilder (pip) | Dec 9, 2021
Django Rest Framework jwt allows obtaining new token from notionally invalidated token | Critical | CVE-2020-10594 was published for drf-jwt (pip) | Jun 5, 2020
Potential bypass of an upstream access control based on URL paths in Django | High | CVE-2021-44420 was published for Django (pip) | Dec 9, 2021
Django Middleware Enables Session Hijacking | Moderate | CVE-2014-0482 was published for Django (pip) | May 14, 2022
Session key exposure through session list in Django User Sessions | Moderate | CVE-2020-5224 was published for django-user-sessions (pip) | Jan 24, 2020
Improper Authentication in django-mfa3 | High | CVE-2022-24857 was published for django-mfa3 (pip) | Apr 22, 2022
CrateDB authentication bypass vulnerability | High | CVE-2023-51982 was published for crate (Maven) | Jan 30, 2024
Improper Authentication in Buildbot | Critical | CVE-2019-12300 was published for buildbot (pip) | May 29, 2019
botframework-connector vulnerable to Improper Authentication | High | GHSA-cqff-fx2x-p86v was published for botframework-connector (pip) | Mar 8, 2021
Improper Authentication in Apache Airflow | Moderate | CVE-2021-26697 was published for apache-airflow (pip) | Jun 18, 2021
Apache IoTDB Grafana Connector vulnerable to Improper Authentication | Critical | CVE-2023-24831 was published for apache-iotdb (Maven) | Apr 17, 2023
Authentication bypass in Apache Airflow | Critical | CVE-2020-13927 was published for apache-airflow (pip) | Apr 30, 2021
CKAN contains Improper Authentication leading to account takeover | High | CVE-2022-43685 was published for ckan (pip) | Nov 22, 2022
AsyncSSH SSH Server Authentication Bypass | Critical | CVE-2018-7749 was published for AsyncSSH (pip) | May 14, 2022
LDAP authentication bypass with empty password | Critical | CVE-2020-26214 was published for alerta-server (pip) | Nov 6, 2020
Ansible password prompts could expose passwords | Moderate | CVE-2019-14856 was published for ansible (pip) | May 24, 2022
VNCAuthProxy authentication bypass vulnerability | Critical | CVE-2022-36436 was published for vncauthproxy (pip) | Sep 16, 2022
jupyter-scheduler's endpoint is missing authentication | Moderate | CVE-2024-28188 was published for jupyter-scheduler (pip) | May 23, 2024
ProTip! Advisories are also available from the GraphQL API.