GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

112 advisories

Salt Improper Access Control High
CVE-2016-1866 was published for salt (pip) May 14, 2022
Plone unauthorized member addition vulnerability High
CVE-2015-7315 was published for Plone (pip) May 17, 2022
Plone Unauthorized Access Vulnerability High
CVE-2017-1000483 was published for Plone (pip) May 13, 2022
Plone Unrestricted Field Manipulation vulnerability via content edit forms High
CVE-2013-4193 was published for plone (pip) May 17, 2022
Plone Improper Access Control Vulnerability High
CVE-2013-4197 was published for plone (pip) May 17, 2022
Improper Access Control in pyftpdlib High
CVE-2009-5012 was published for pyftpdlib (pip) May 2, 2022
Magento Open Source Improper Access Control vulnerability High
CVE-2024-45118 was published for magento/community-edition (Composer) Oct 10, 2024
Keycloak's admin API allows low privilege users to use administrative functions High
CVE-2024-3656 was published for org.keycloak:keycloak-services (Maven) Jun 11, 2024
PowerJob incorrect access control vulnerability High
CVE-2023-36106 was published for tech.powerjob:powerjob (Maven) Aug 17, 2023
Arbitrary code using "crafted image file" approach affecting Pillow High
CVE-2016-9190 was published for Pillow (pip) Jul 12, 2018
OctoPrint Incorrect Access Control High
CVE-2021-32560 was published for octoprint (pip) May 24, 2022
MoinMoin Improper Access Control vulnerability High
CVE-2009-4762 was published for moin (pip) May 2, 2022
Mercurial vulnerable to arbitrary code execution when converting Git repos High
CVE-2016-3105 was published for mercurial (pip) May 17, 2022
OpenStack Keystone Allows Remote User Account Creation High
CVE-2012-3542 was published for keystone (pip) May 17, 2022
Improper Access Control in novajoin High
CVE-2019-10138 was published for novajoin (pip) Mar 12, 2020
Mautic vulnerable to Improper Access Control in UI upgrade process High
CVE-2022-25768 was published for mautic/core (Composer) Sep 18, 2024
mollux escopecz
patrykgruszka
Component takeover in Oracle Data Provider for .NET High
CVE-2023-21893 was published for Oracle.ManagedDataAccess (NuGet) Jan 18, 2023
georg-jung alexkeh
Borg Improper Access Control vulnerability High
CVE-2017-15914 was published for borgbackup (pip) May 13, 2022
EverShop at risk to unauthorized access via weak HMAC secret High
CVE-2023-46943 was published for @evershop/evershop (npm) Jan 13, 2024
Mattermost allows unsolicited invites to expose access to local channels High
CVE-2024-39777 was published for github.com/mattermost/mattermost/server/v8 (Go) Aug 1, 2024
Dolibarr vulnerable to Cross-Site Request Forgery High
CVE-2024-31503 was published for dolibarr/dolibarr (Composer) Apr 17, 2024
Authlib has algorithm confusion with asymmetric public keys High
CVE-2024-37568 was published for authlib (pip) Jun 9, 2024
RBAC Roles for `etcd` created by Kamaji are not disjunct High
CVE-2024-42480 was published for github.com/clastix/kamaji (Go) Aug 12, 2024
SimonKienzler prometherion
Studio 42 elFinder vulnerable to Incorrect Access Control High
CVE-2024-38909 was published for studio-42/elfinder (Composer) Jul 30, 2024