Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

21 advisories

Loading
Missing Authentication for Critical Function in Saleor Moderate
CVE-2020-7964 was published for saleor (pip) Jul 28, 2021
Openstack tripleo-heat-templates unauthenticated file access Moderate
CVE-2017-12155 was published for tripleo-heat-templates (pip) May 13, 2022
cross-site inclusion (XSSI) of files in jupyter-server Moderate
CVE-2023-40170 was published for jupyter-server (pip) Aug 29, 2023
Jupyter Server Proxy's Websocket Proxying does not require authentication Critical
CVE-2024-28179 was published for jupyter-server-proxy (pip) Mar 20, 2024
yuvipanda consideRatio
manics minrk krassowski dlqqq eddelbuettel
Openstack Aodh can be used to launder Keystone trusts High
CVE-2017-12440 was published for aodh (pip) May 13, 2022
Missing Authentication for Critical Function in Apache Airflow Critical
CVE-2021-38540 was published for apache-airflow (pip) May 24, 2022
Missing Authorization in Apache Airflow Moderate
CVE-2021-35936 was published for apache-airflow (pip) Aug 30, 2021
sunSUNQ
Improper Authentication in Apache Airflow Moderate
CVE-2021-26697 was published for apache-airflow (pip) Jun 18, 2021
sunSUNQ
Basic auth bypass in esphome High
CVE-2021-41104 was published for esphome (pip) Sep 29, 2021
andir
Improper Authentication in FreeTAKServer High
CVE-2022-25508 was published for FreeTAKServer (pip) Mar 12, 2022
GramAddict bot uses dependency with reverse tcp backdoor High
CVE-2020-36245 was published for GramAddict (pip) May 24, 2022
Mage-ai missing user authentication High
CVE-2023-31143 was published for mage-ai (pip) May 5, 2023
Improper Access Control in Onionshare Moderate
CVE-2022-21691 was published for onionshare-cli (pip) Jan 21, 2022
Improper Authentication in Apache Spark Critical
CVE-2020-9480 was published for org.apache.spark:spark-parent_2.11 (Maven) Feb 10, 2022
Rdiffweb is missing authentication for critical function Critical
CVE-2022-3327 was published for rdiffweb (pip) Oct 20, 2022
Rdiffweb vulnerable to Missing Authentication for Critical Function Low
CVE-2022-4018 was published for rdiffweb (pip) Nov 16, 2022
SaltStack Salt Unauthenticated Remote Code Execution Critical
CVE-2020-11651 was published for salt (pip) May 24, 2022
Unauthenticated db-file-storage views Low
CVE-2023-50263 was published for nautobot (pip) Dec 13, 2023
Kircheneer
Synapse's unauthenticated writes to the media repository allow planting of problematic content Moderate
CVE-2024-37303 was published for matrix-synapse (pip) Dec 3, 2024
OctoPrint has API key access in settings without reauthentication Moderate
CVE-2024-51493 was published for OctoPrint (pip) Nov 5, 2024
jacopotediosi
ProTip! Advisories are also available from the GraphQL API