GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,224
Erlang
31
GitHub Actions
19
Go
1,990
Maven
5,000+
npm
3,706
NuGet
661
pip
3,336
Pub
11
RubyGems
884
Rust
845
Swift
36
Unreviewed advisories
All unreviewed
5,000+
24 advisories
Filter by severity
Improper Access Control in janeczku/calibre-web
Moderate
CVE-2021-3987
was published
for
calibreweb
(pip)
Nov 15, 2024
Access control vulnerable to user data deletion by anonynmous users
Moderate
CVE-2024-51734
was published
for
AccessControl
(pip)
Nov 4, 2024
Sentry vulnerable to invite code reuse via cookie manipulation
Moderate
CVE-2022-23485
was published
for
sentry
(pip)
Dec 12, 2022
GNU Mailman Postorius Access Control Issues
Moderate
CVE-2021-40347
was published
for
postorius
(pip)
May 24, 2022
Plone Privilege escalation through exposed underlying API
Moderate
CVE-2013-7061
was published
for
Plone
(pip)
May 17, 2022
Openstack Octavia Access Control Vulnerability
Moderate
CVE-2019-3895
was published
for
octavia
(pip)
May 24, 2022
Django Access Restrictions Bypass
Moderate
CVE-2016-2048
was published
for
django
(pip)
May 17, 2022
Improper Access Control in Apache Airflow
Moderate
CVE-2021-26559
was published
for
apache-airflow
(pip)
Apr 7, 2021
Incorrect Authorization in calibreweb
Moderate
CVE-2022-0273
was published
for
calibreweb
(pip)
Jan 31, 2022
ZenML Server Remote Privilege Escalation Vulnerability
Moderate
CVE-2024-25723
was published
for
zenml
(pip)
Feb 27, 2024
litellm vulnerable to improper access control in team management
Moderate
CVE-2024-5710
was published
for
litellm
(pip)
Jun 27, 2024
MLflow allows low privilege users to delete any artifact
Moderate
CVE-2024-4263
was published
for
mlflow
(pip)
May 16, 2024
OpenStack Identity Keystone Improper Access Control
Moderate
CVE-2016-4911
was published
for
keystone
(pip)
May 17, 2022
OpenStack Compute (Nova) Improper Access Control
Moderate
CVE-2015-2687
was published
for
nova
(pip)
May 17, 2022
MoinMoin Access Restrictions Bypassed due to improper ACL enforcement
Moderate
CVE-2008-6603
was published
for
moin
(pip)
May 17, 2022
MoinMoin vulnerable to privilege escalation
Moderate
CVE-2008-1937
was published
for
moin
(pip)
May 1, 2022
vantage6 has insecure SSH configuration for node and server containers
Moderate
CVE-2024-21653
was published
for
vantage6
(pip)
Jan 30, 2024
Apache Airflow Improper Access Control vulnerability
Moderate
CVE-2023-50783
was published
for
apache-airflow
(pip)
Dec 21, 2023
cross-site inclusion (XSSI) of files in jupyter-server
Moderate
CVE-2023-40170
was published
for
jupyter-server
(pip)
Aug 29, 2023
Improper Access Control in vantage6
Moderate
CVE-2023-41882
was published
for
vantage6
(pip)
Oct 13, 2023
Zope allows attackers to modify raw image and file data
Moderate
CVE-2000-1212
was published
for
zope
(pip)
Apr 30, 2022
OpenStack Image Service (Glance) vulnerable to Improper Access Control
Moderate
CVE-2016-0757
was published
for
glance
(pip)
May 17, 2022
Apache Superset has Improper Access Control
Moderate
CVE-2022-45438
was published
for
apache-superset
(pip)
Jan 16, 2023
ProTip!
Advisories are also available from the
GraphQL API