Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,134
Erlang
29
GitHub Actions
19
Go
1,941
Maven
5,000+
npm
3,678
NuGet
645
pip
3,297
Pub
11
RubyGems
877
Rust
830
Swift
35
Unreviewed advisories
All unreviewed
5,000+

128 advisories

Loading
OpenRefine JDBC Attack Vulnerability High
CVE-2024-23833 was published for org.openrefine:database (Maven) Feb 12, 2024
l0n3rs
Magento Open Source Improper Authorization vulnerability High
CVE-2024-45132 was published for magento/community-edition (Composer) Oct 10, 2024
Plone and Zope2 vulnerable to unauthorized access to restricted attributes High
CVE-2012-5489 was published for Plone (pip) Jul 23, 2018
Pomerium service account access token may grant unintended access to databroker API High
CVE-2024-47616 was published for github.com/pomerium/pomerium (Go) Oct 2, 2024
Paramiko Authentication Bypass vulnerability High
CVE-2018-1000805 was published for paramiko (pip) Oct 10, 2018
OpenStack Neutron vulnerable to hardware address impersonation High
CVE-2021-38598 was published for neutron (pip) May 24, 2022
Base class whitelist configuration ignored in OAuthenticator High
CVE-2020-26250 was published for oauthenticator (pip) Dec 1, 2020
Arbitrary file overwrite in OpenStack Nova High
CVE-2012-3447 was published for nova (pip) May 17, 2022
OpenStack Keystone Insufficient token expiration High
CVE-2012-5563 was published for keystone (pip) May 17, 2022
OpenStack Keystone V3 /credentials endpoint policy logic allows to change credentials owner or target project ID High
CVE-2020-12691 was published for keystone (pip) May 24, 2022
Possible pod name collisions in jupyterhub-kubespawner High
CVE-2020-15110 was published for jupyterhub-kubespawner (pip) Jul 22, 2020
Cobbler before 3.3.0 allows authorization bypass for modification of settings. High
CVE-2021-40325 was published for cobbler (pip) Oct 5, 2021
Improper Authorization in cobbler High
CVE-2022-0860 was published for cobbler (pip) Mar 11, 2022
ysf
SaToken authentication bypass vulnerability High
CVE-2023-43961 was published for cn.dev33:sa-token-core (Maven) Oct 25, 2023
Kirby has insufficient permission checks in the language settings High
CVE-2024-41964 was published for getkirby/cms (Composer) Aug 29, 2024
SebastianEberlein-JUNO
GoAuthentik vulnerable to Insufficient Authorization for several API endpoints High
CVE-2024-42490 was published for goauthentik.io (Go) Aug 22, 2024
m2a2
Apache Archiva Incorrect Authorization vulnerability High
CVE-2024-27138 was published for org.apache.archiva:archiva (Maven) Mar 1, 2024
Capsule tenant owner with "patch namespace" permission can hijack system namespaces High
CVE-2024-39690 was published for github.com/projectcapsule/capsule (Go) Aug 20, 2024
sparkEchooo
OpenFGA Authorization Bypass High
CVE-2024-42473 was published for github.com/openfga/openfga (Go) Aug 9, 2024
sidneibjunior
Evmos vulnerable to exploit of smart contract account and vesting High
CVE-2024-39696 was published for github.com/evmos/evmos/v18 (Go) Jul 10, 2024
GAtom22
fabedge has insecure permissions High
CVE-2024-36536 was published for github.com/fabedge/fabedge (Go) Jul 24, 2024
Grafana account takeover via OAuth vulnerability High
CVE-2022-31107 was published for github.com/grafana/grafana (Go) May 14, 2024
Alpine allows URL access filter bypass High
CVE-2022-23553 was published for us.springett:alpine (Maven) Aug 5, 2024
Ignite Realtime Openfire privilege escalation vulnerability High
CVE-2024-25420 was published for org.igniterealtime.openfire:xmppserver (Maven) Mar 26, 2024
Apache Archiva Incorrect Authorization vulnerability High
CVE-2024-27139 was published for org.apache.archiva:archiva (Maven) Mar 1, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database