GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,224
Erlang
31
GitHub Actions
19
Go
1,989
Maven
5,000+
npm
3,705
NuGet
661
pip
3,336
Pub
11
RubyGems
884
Rust
845
Swift
36
Unreviewed advisories
All unreviewed
5,000+
69 advisories
Filter by severity
OpenStack Swauth object/proxy server writing Auth Token to log file
Critical
CVE-2017-16613
was published
for
swauth
(pip)
May 17, 2022
Improper Authentication in SaltStack Salt
High
CVE-2021-22004
was published
for
salt
(pip)
May 24, 2022
Improper Authentication in requests-kerberos
Critical
CVE-2014-8650
was published
for
requests-kerberos
(pip)
Mar 10, 2020
Salt has insufficient argument validation in several modules
High
CVE-2013-4435
was published
for
salt
(pip)
May 17, 2022
rdiffweb vulnerable to Authentication Bypass by Primary Weakness
High
CVE-2022-4722
was published
for
rdiffweb
(pip)
Dec 27, 2022
Python-saml allows manipulation of SAML data without invalidation of cryptographic signature
High
CVE-2017-11427
was published
for
python-saml
(pip)
Jul 5, 2019
SaltStack Salt Remote command execution and incorrect access control when using salt-api
Critical
CVE-2018-15751
was published
for
salt
(pip)
May 13, 2022
SaltStack Salt Improper Authentication vulnerability
Critical
CVE-2021-25281
was published
for
salt
(pip)
May 24, 2022
Improper Authentication in pyftpdlib
Moderate
CVE-2008-7263
was published
for
pyftpdlib
(pip)
May 17, 2022
SaltStack Salt Improper Authentication via Man in the Middle Attack
Low
CVE-2022-22935
was published
for
salt
(pip)
Mar 30, 2022
Salt Insecure configuration of PAM external authentication service
Moderate
CVE-2016-3176
was published
for
salt
(pip)
May 17, 2022
SaltStack Salt Authentication Bypass when using the local_batch client from salt-api
High
CVE-2017-5192
was published
for
salt
(pip)
May 17, 2022
pysaml2 Improper Authentication vulnerability
Critical
CVE-2017-1000433
was published
for
pysaml2
(pip)
Jul 13, 2018
Logic error in authentication in proxy.py
High
CVE-2021-3116
was published
for
proxy.py
(pip)
Apr 7, 2021
Improper Authentication in pyftpdlib
Moderate
CVE-2007-6737
was published
for
pyftpdlib
(pip)
May 1, 2022
Chameleon in Plone allows Authentication Bypass
Moderate
CVE-2016-4043
was published
for
Plone
(pip)
May 17, 2022
Improper Authentication in Apache Spark
Critical
CVE-2020-9480
was published
for
org.apache.spark:spark-parent_2.11
(Maven)
Feb 10, 2022
Apache Submarine Commons Utils has a hard-coded secret
Moderate
CVE-2024-36264
was published
for
apache-submarine
(Maven)
Jun 12, 2024
Paramiko not properly checking authentication before processing other requests
Critical
CVE-2018-7750
was published
for
paramiko
(pip)
Jul 12, 2018
Improper Access Control in Onionshare
Moderate
CVE-2022-21695
was published
for
onionshare-cli
(pip)
Jan 21, 2022
furlongm openvpn-monitor allows Authorization Bypass to disconnect arbitrary clients
High
CVE-2021-31606
was published
for
openvpn-monitor
(pip)
May 24, 2022
Improper Access Control in Onionshare
Moderate
CVE-2022-21692
was published
for
onionshare-cli
(pip)
Jan 21, 2022
python-kerberos vulnerable to KDC spoofing attacks
Critical
CVE-2015-3206
was published
for
kerberos
(pip)
May 14, 2022
ProTip!
Advisories are also available from the
GraphQL API