GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,274
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,421
Pub
12
RubyGems
891
Rust
873
Swift
36
Unreviewed advisories
All unreviewed
5,000+
30 advisories
Filter by severity
ansible-core Incorrect Authorization vulnerability
Moderate
CVE-2024-9902
was published
for
ansible-core
(pip)
Nov 6, 2024
OpenZeppelin Contracts for Cairo account cannot process transactions on Goerli
Moderate
CVE-2022-31153
was published
for
openzeppelin-cairo-contracts
(pip)
Jul 15, 2022
Defining resource name as integer may give unintended access in vantage6
Moderate
CVE-2023-28635
was published
for
vantage6
(pip)
Oct 13, 2023
Invalid root may become trusted root in The Update Framework (TUF)
Moderate
CVE-2020-15163
was published
for
tuf
(pip)
Sep 9, 2020
Improper Authorization in cobbler
Moderate
CVE-2022-0860
was published
for
cobbler
(pip)
Mar 11, 2022
Privilege Escalation in Channelmgnt plug-in for Sopel
Moderate
CVE-2020-15251
was published
for
sopel-plugins-channelmgnt
(pip)
Oct 13, 2020
Incorrect Authorization and Exposure of Sensitive Information to an Unauthorized Actor in scrapy
Moderate
CVE-2022-0577
was published
for
scrapy
(pip)
Mar 1, 2022
Plone's authenticated users able to alter their password despite of policy definition
Moderate
CVE-2013-4198
was published
for
Plone
(pip)
May 17, 2022
OpenCanary Executes Commands From Potentially Writable Config File
Moderate
CVE-2024-48911
was published
for
OpenCanary
(pip)
Oct 14, 2024
Synapse has URL deny list bypass via oEmbed and image URLs when generating previews
Moderate
CVE-2023-32683
was published
for
matrix-synapse
(pip)
Jun 6, 2023
Authorization Bypass in I hate money
Moderate
CVE-2020-15120
was published
for
ihatemoney
(pip)
Jul 27, 2020
Permissions not properly checked in Invenio-Drafts-Resources
Moderate
CVE-2021-43781
was published
for
invenio-app-rdm
(pip)
Dec 6, 2021
Apache Airflow allows authenticated and DAG-view authorized users to modify some DAG run detail values when submitting notes
Moderate
CVE-2023-47037
was published
for
apache-airflow
(pip)
Nov 12, 2023
Apache Airflow Incorrect Authorization vulnerability
Moderate
CVE-2023-40611
was published
for
apache-airflow
(pip)
Sep 12, 2023
Red-DiscordBot vulnerable to Incorrect Authorization in commands API
Moderate
CVE-2024-39905
was published
for
Red-DiscordBot
(pip)
Jul 11, 2024
openstack-barbican Denial of Service vulnerability
Moderate
CVE-2022-23452
was published
for
barbican
(pip)
Sep 2, 2022
Apache Superset Incorrect Authorization vulnerability
Moderate
CVE-2024-28148
was published
for
apache-superset
(pip)
May 7, 2024
vantage6's CORS settings overly permissive
Moderate
CVE-2024-23823
was published
for
vantage6
(pip)
Mar 15, 2024
Apache Superset: Improper authorization validation on dashboards and charts import
Moderate
CVE-2024-26016
was published
for
apache-superset
(pip)
Feb 28, 2024
Apache Superset: Improper data authorization when creating a new dataset
Moderate
CVE-2024-24779
was published
for
apache-superset
(pip)
Feb 28, 2024
Apache Superset: Improper validation of SQL statements allows for unauthorized access to data
Moderate
CVE-2024-24773
was published
for
apache-superset
(pip)
Feb 28, 2024
Duplicate Advisory: Apache Superset - Elevation of Privilege
Moderate
GHSA-392c-vjfv-h7wr
was published
for
apache-superset
(pip)
Nov 27, 2023
•
withdrawn
Fides Information Disclosure Vulnerability in Config API Endpoint
Moderate
CVE-2023-46125
was published
for
ethyca-fides
(pip)
Oct 24, 2023
Apache Superset vulnerable to improper data authorization
Moderate
CVE-2023-27523
was published
for
apache-superset
(pip)
Sep 6, 2023
Apache Superset has incorrect authorization check
Moderate
CVE-2023-32672
was published
for
apache-superset
(pip)
Sep 6, 2023
ProTip!
Advisories are also available from the
GraphQL API