GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,262
Erlang
31
GitHub Actions
21
Go
2,024
Maven
5,000+
npm
3,731
NuGet
662
pip
3,407
Pub
12
RubyGems
891
Rust
864
Swift
36
Unreviewed advisories
All unreviewed
5,000+
18 advisories
Filter by severity
Zope allows attackers to modify raw image and file data
Moderate
CVE-2000-1212
was published
for
zope
(pip)
Apr 30, 2022
OpenStack Compute (Nova) Improper Access Control
Moderate
CVE-2015-2687
was published
for
nova
(pip)
May 17, 2022
OpenStack Identity Keystone Improper Access Control
Moderate
CVE-2016-4911
was published
for
keystone
(pip)
May 17, 2022
OpenStack Image Service (Glance) vulnerable to Improper Access Control
Moderate
CVE-2016-0757
was published
for
glance
(pip)
May 17, 2022
Plone Privilege escalation through exposed underlying API
Moderate
CVE-2013-7061
was published
for
Plone
(pip)
May 17, 2022
Openstack Octavia Access Control Vulnerability
Moderate
CVE-2019-3895
was published
for
octavia
(pip)
May 24, 2022
GNU Mailman Postorius Access Control Issues
Moderate
CVE-2021-40347
was published
for
postorius
(pip)
May 24, 2022
Sentry vulnerable to invite code reuse via cookie manipulation
Moderate
CVE-2022-23485
was published
for
sentry
(pip)
Dec 12, 2022
Apache Superset has Improper Access Control
Moderate
CVE-2022-45438
was published
for
apache-superset
(pip)
Jan 16, 2023
cross-site inclusion (XSSI) of files in jupyter-server
Moderate
CVE-2023-40170
was published
for
jupyter-server
(pip)
Aug 29, 2023
Improper Access Control in vantage6
Moderate
CVE-2023-41882
was published
for
vantage6
(pip)
Oct 13, 2023
Apache Airflow Improper Access Control vulnerability
Moderate
CVE-2023-50783
was published
for
apache-airflow
(pip)
Dec 21, 2023
vantage6 has insecure SSH configuration for node and server containers
Moderate
CVE-2024-21653
was published
for
vantage6
(pip)
Jan 30, 2024
MLflow allows low privilege users to delete any artifact
Moderate
CVE-2024-4263
was published
for
mlflow
(pip)
May 16, 2024
litellm vulnerable to improper access control in team management
Moderate
CVE-2024-5710
was published
for
litellm
(pip)
Jun 27, 2024
Access control vulnerable to user data deletion by anonynmous users
Moderate
CVE-2024-51734
was published
for
AccessControl
(pip)
Nov 4, 2024
Improper Access Control in janeczku/calibre-web
Moderate
CVE-2021-3987
was published
for
calibreweb
(pip)
Nov 15, 2024
ProTip!
Advisories are also available from the
GraphQL API