GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,134
Erlang
29
GitHub Actions
19
Go
1,941
Maven
5,000+
npm
3,678
NuGet
645
pip
3,297
Pub
11
RubyGems
877
Rust
830
Swift
35
Unreviewed advisories
All unreviewed
5,000+
112 advisories
Filter by severity
Plone unauthorized member addition vulnerability
High
CVE-2015-7315
was published
for
Plone
(pip)
May 17, 2022
Plone Unauthorized Access Vulnerability
High
CVE-2017-1000483
was published
for
Plone
(pip)
May 13, 2022
Plone Unrestricted Filed Manipulation vulnerability via content edit forms
High
CVE-2013-4193
was published
for
plone
(pip)
May 17, 2022
Plone Improper Access Control Vulnerability
High
CVE-2013-4197
was published
for
plone
(pip)
May 17, 2022
Improper Access Control in pyftpdlib
High
CVE-2009-5012
was published
for
pyftpdlib
(pip)
May 2, 2022
Magento Open Source Improper Access Control vulnerability
High
CVE-2024-45118
was published
for
magento/community-edition
(Composer)
Oct 10, 2024
Keycloak's admin API allows low privilege users to use administrative functions
High
CVE-2024-3656
was published
for
org.keycloak:keycloak-services
(Maven)
Jun 11, 2024
PowerJob incorrect access control vulnerability
High
CVE-2023-36106
was published
for
tech.powerjob:powerjob
(Maven)
Aug 17, 2023
Arbitrary code using "crafted image file" approach affecting Pillow
High
CVE-2016-9190
was published
for
Pillow
(pip)
Jul 12, 2018
OctoPrint Incorrect Access Control
High
CVE-2021-32560
was published
for
octoprint
(pip)
May 24, 2022
MoinMoin Improper Access Control vulnerability
High
CVE-2009-4762
was published
for
moin
(pip)
May 2, 2022
Mercurial vulnerable to arbitrary code execution when converting Git repos
High
CVE-2016-3105
was published
for
mercurial
(pip)
May 17, 2022
OpenStack Keystone Allows Remote User Account Creation
High
CVE-2012-3542
was published
for
keystone
(pip)
May 17, 2022
Improper Access Control in novajoin
High
CVE-2019-10138
was published
for
novajoin
(pip)
Mar 12, 2020
Mautic vulnerable to Improper Access Control in UI upgrade process
High
CVE-2022-25768
was published
for
mautic/core
(Composer)
Sep 18, 2024
Flask-CORS allows the `Access-Control-Allow-Private-Network` CORS header to be set to true by default
High
CVE-2024-6221
was published
for
Flask-Cors
(pip)
Aug 18, 2024
Component takeover in Oracle Data Provider for .NET
High
CVE-2023-21893
was published
for
Oracle.ManagedDataAccess
(NuGet)
Jan 18, 2023
Borg Improper Access Control vulnerability
High
CVE-2017-15914
was published
for
borgbackup
(pip)
May 13, 2022
EverShop at risk to unauthorized access via weak HMAC secret
High
CVE-2023-46943
was published
for
@evershop/evershop
(npm)
Jan 13, 2024
Mattermost allows unsolicited invites to expose access to local channels
High
CVE-2024-39777
was published
for
github.com/mattermost/mattermost/server/v8
(Go)
Aug 1, 2024
Dolibarr vulnerable to Cross-Site Request Forgery
High
CVE-2024-31503
was published
for
dolibarr/dolibarr
(Composer)
Apr 17, 2024
Authlib has algorithm confusion with asymmetric public keys
High
CVE-2024-37568
was published
for
authlib
(pip)
Jun 9, 2024
RBAC Roles for `etcd` created by Kamaji are not disjunct
High
CVE-2024-42480
was published
for
github.com/clastix/kamaji
(Go)
Aug 12, 2024
Studio 42 elFinder vulnerable to Incorrect Access Control
High
CVE-2024-38909
was published
for
studio-42/elfinder
(Composer)
Jul 30, 2024
ProTip!
Advisories are also available from the
GraphQL API