GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
71 advisories
Moderate severity vulnerability that affects Products.PlonePAS
Moderate. CVE-2009-0662 was published for Products.PlonePAS (pip), Jul 23, 2018.

OpenStack Neutron Improper Authentication vulnerability
Moderate. CVE-2014-0056 was published for neutron (pip), May 17, 2022.

OpenStack Keystone Improper Authentication vulnerability
High. CVE-2012-4456 was published for keystone (pip), May 14, 2022.

Lin CMS vulnerable to Improper Authentication
Moderate. CVE-2022-44244 was published for Lin-CMS (Maven), Nov 10, 2022.

Shinken Solutions Shinken Monitoring vulnerable to Incorrect Access Control
Critical. CVE-2022-37298 was published for Shinken (pip), Oct 20, 2022.

When matrix-nio receives forwarded room keys, the receiver doesn't check if it requested the key from the forwarder
High. CVE-2022-39254 was published for matrix-nio (pip), Sep 30, 2022.

Zope DTML implementation Improper Authentication
High. CVE-2000-0062 was published for zope (pip), Apr 30, 2022.

Zope does not properly perform security registration for legacy names
High. CVE-2000-1211 was published for zope (pip), Apr 30, 2022.

Zope DocumentTemplate package allows unauthenticated write
Moderate. CVE-2000-0483 was published for zope (pip), May 3, 2022.

asyncua Improper Authentication vulnerability
High. CVE-2023-26150 was published for asyncua (pip), Oct 3, 2023.

Sentry vulnerable to incorrect credential validation on OAuth token requests
Moderate. CVE-2023-39531 was published for sentry (pip), Aug 9, 2023.

OpenStack Keystone Token authorization for a user in a disabled tenant is allowed
Moderate. CVE-2012-4457 was published for Keystone (pip), May 14, 2022.

OctoPrint Unverified Password Change via Access Control Settings
Moderate. CVE-2024-23637 was published for OctoPrint (pip), Jan 31, 2024.

Flask-AppBuilder vulnerable to incorrect authentication when using auth type OpenID
Critical. CVE-2024-25128 was published for Flask-AppBuilder (pip), Feb 28, 2024.

Saltstack Salt Unauthenticated Arbitrary Code Execution
High. CVE-2021-25315 was published for salt (pip), May 24, 2022.

OpenStack Octavia Amphora-Agent not requiring Client-Certificate
Critical. CVE-2019-17134 was published for octavia (pip), May 24, 2022.

OpenStack Keystone allows context-dependent attackers to bypass access restrictions
Moderate. CVE-2013-0282 was published for Keystone (pip), May 5, 2022.

jupyter-scheduler's endpoint is missing authentication
Moderate. CVE-2024-28188 was published for jupyter-scheduler (pip), May 23, 2024.

VNCAuthProxy authentication bypass vulnerability
Critical. CVE-2022-36436 was published for vncauthproxy (pip), Sep 16, 2022.

LDAP authentication bypass with empty password
Critical. CVE-2020-26214 was published for alerta-server (pip), Nov 6, 2020.

AsyncSSH SSH Server Authentication Bypass
Critical. CVE-2018-7749 was published for AsyncSSH (pip), May 14, 2022.

CKAN contains Improper Authentication leading to account takeover
High. CVE-2022-43685 was published for ckan (pip), Nov 22, 2022.

Authentication bypass in Apache Airflow
Critical. CVE-2020-13927 was published for apache-airflow (pip), Apr 30, 2021.

Apache IoTDB Grafana Connector vulnerable to Improper Authentication
Critical. CVE-2023-24831 was published for apache-iotdb (Maven), Apr 17, 2023.

Improper Authentication in Apache Airflow
Moderate. CVE-2021-26697 was published for apache-airflow (pip), Jun 18, 2021.
ProTip! Advisories are also available from the GraphQL API.