GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
27 advisories

Python-saml allows manipulation of SAML data without invalidation of cryptographic signature
Severity: High. CVE-2017-11427 was published for python-saml (pip) on Jul 5, 2019.

botframework-connector vulnerable to Improper Authentication
Severity: High. GHSA-cqff-fx2x-p86v was published for botframework-connector (pip) on Mar 8, 2021.

Logic error in authentication in proxy.py
Severity: High. CVE-2021-3116 was published for proxy.py (pip) on Apr 7, 2021.

Improper Authentication in Flask-AppBuilder
Severity: High. CVE-2021-41265 was published for Flask-AppBuilder (pip) on Dec 9, 2021.

Improper Authentication in FreeTAKServer
Severity: High. CVE-2022-25508 was published for FreeTAKServer (pip) on Mar 12, 2022.

Improper Authentication in django-mfa3
Severity: High. CVE-2022-24857 was published for django-mfa3 (pip) on Apr 22, 2022.

Zope DTML implementation Improper Authentication
Severity: High. CVE-2000-0062 was published for zope (pip) on Apr 30, 2022.

Zope does not properly perform security registration for legacy names
Severity: High. CVE-2000-1211 was published for zope (pip) on Apr 30, 2022.

Zope Object Database (ZODB) Authentication bypass in ZEO storage servers
Severity: High. CVE-2009-0669 was published for ZODB3 (pip) on May 2, 2022.

Trytond allows modification of privileges of arbitrary users
Severity: High. CVE-2012-0215 was published for trytond (pip) on May 4, 2022.

OpenStack Keystone Improper Authentication vulnerability
Severity: High. CVE-2012-4456 was published for keystone (pip) on May 14, 2022.

SaltStack Salt Authentication Bypass when using the local_batch client from salt-api
Severity: High. CVE-2017-5192 was published for salt (pip) on May 17, 2022.

OpenStack Identity (Keystone) DoS through V3 API authentication chaining
Severity: High. CVE-2014-2828 was published for keystone (pip) on May 17, 2022.

OpenStack Identity (Keystone) Trustee token revocations does not work with memcache backend
Severity: High. CVE-2014-2237 was published for keystone (pip) on May 17, 2022.

Salt has insufficient argument validation in several modules
Severity: High. CVE-2013-4435 was published for salt (pip) on May 17, 2022.

Ansible password prompts could expose passwords
Severity: High. CVE-2019-14856 was published for ansible (pip) on May 24, 2022.

Saltstack Salt Unauthenticated Arbitrary Code Execution
Severity: High. CVE-2021-25315 was published for salt (pip) on May 24, 2022.

Improper Authentication in SaltStack Salt
Severity: High. CVE-2021-22004 was published for salt (pip) on May 24, 2022.

furlongm openvpn-monitor allows Authorization Bypass to disconnect arbitrary clients
Severity: High. CVE-2021-31606 was published for openvpn-monitor (pip) on May 24, 2022.

Indy's NODE_UPGRADE transaction vulnerable to remote code execution
Severity: High. CVE-2022-31020 was published for indy-node (pip) on Sep 2, 2022.

When matrix-nio receives forwarded room keys, the receiver doesn't check if it requested the key from the forwarder
Severity: High. CVE-2022-39254 was published for matrix-nio (pip) on Sep 30, 2022.

CKAN contains Improper Authentication leading to account takeover
Severity: High. CVE-2022-43685 was published for ckan (pip) on Nov 22, 2022.

rdiffweb vulnerable to Authentication Bypass by Primary Weakness
Severity: High. CVE-2022-4722 was published for rdiffweb (pip) on Dec 27, 2022.

ProTip! Advisories are also available from the GraphQL API.