GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,277
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,421
Pub
12
RubyGems
891
Rust
873
Swift
36
Unreviewed advisories
All unreviewed
5,000+
21 advisories
Filter by severity
Missing Authentication for Critical Function in Saleor
Moderate
CVE-2020-7964
was published
for
saleor
(pip)
Jul 28, 2021
Openstack tripleo-heat-templates unauthenticated file access
Moderate
CVE-2017-12155
was published
for
tripleo-heat-templates
(pip)
May 13, 2022
cross-site inclusion (XSSI) of files in jupyter-server
Moderate
CVE-2023-40170
was published
for
jupyter-server
(pip)
Aug 29, 2023
Jupyter Server Proxy's Websocket Proxying does not require authentication
Critical
CVE-2024-28179
was published
for
jupyter-server-proxy
(pip)
Mar 20, 2024
Openstack Aodh can be used to launder Keystone trusts
High
CVE-2017-12440
was published
for
aodh
(pip)
May 13, 2022
RPyC's missing security check results in code execution when using numpy.array on the server-side.
High
CVE-2024-27758
was published
for
rpyc
(pip)
Mar 6, 2024
Missing Authentication for Critical Function in Apache Airflow
Critical
CVE-2021-38540
was published
for
apache-airflow
(pip)
May 24, 2022
Missing Authorization in Apache Airflow
Moderate
CVE-2021-35936
was published
for
apache-airflow
(pip)
Aug 30, 2021
Improper Authentication in Apache Airflow
Moderate
CVE-2021-26697
was published
for
apache-airflow
(pip)
Jun 18, 2021
Improper Authentication in FreeTAKServer
High
CVE-2022-25508
was published
for
FreeTAKServer
(pip)
Mar 12, 2022
GramAddict bot uses dependency with reverse tcp backdoor
High
CVE-2020-36245
was published
for
GramAddict
(pip)
May 24, 2022
Improper Access Control in Onionshare
Moderate
CVE-2022-21691
was published
for
onionshare-cli
(pip)
Jan 21, 2022
Improper Authentication in Apache Spark
Critical
CVE-2020-9480
was published
for
org.apache.spark:spark-parent_2.11
(Maven)
Feb 10, 2022
Rdiffweb is missing authentication for critical function
Critical
CVE-2022-3327
was published
for
rdiffweb
(pip)
Oct 20, 2022
Rdiffweb vulnerable to Missing Authentication for Critical Function
Low
CVE-2022-4018
was published
for
rdiffweb
(pip)
Nov 16, 2022
SaltStack Salt Unauthenticated Remote Code Execution
Critical
CVE-2020-11651
was published
for
salt
(pip)
May 24, 2022
Unauthenticated db-file-storage views
Low
CVE-2023-50263
was published
for
nautobot
(pip)
Dec 13, 2023
Synapse's unauthenticated writes to the media repository allow planting of problematic content
Moderate
CVE-2024-37303
was published
for
matrix-synapse
(pip)
Dec 3, 2024
OctoPrint has API key access in settings without reauthentication
Moderate
CVE-2024-51493
was published
for
OctoPrint
(pip)
Nov 5, 2024
ProTip!
Advisories are also available from the
GraphQL API