GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,238
Erlang
31
GitHub Actions
21
Go
2,005
Maven
5,000+
npm
3,716
NuGet
662
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
13 advisories
Filter by severity
2FA bypass through deleting devices in wagtail-2fa
Moderate
CVE-2020-5240
was published
for
wagtail-2fa
(pip)
Mar 13, 2020
Unauthorized privilege escalation in Mod module
Moderate
CVE-2020-15278
was published
for
red-discordbot
(pip)
Oct 27, 2020
Dynamic modification of RPyC service due to missing security check
High
CVE-2019-16328
was published
for
rpyc
(pip)
Feb 17, 2021
Improper Authorization and Origin Validation Error in OneFuzz
Critical
CVE-2021-37705
was published
for
onefuzz
(pip)
Aug 13, 2021
Improper Authorization in cobbler
Moderate
CVE-2022-0860
was published
for
cobbler
(pip)
Mar 11, 2022
Apache Airflow may allow authenticated users who have been deactivated to continue using the UI or API
High
CVE-2022-41672
was published
for
apache-airflow
(pip)
Oct 7, 2022
Improper Authorization in modoboa
Critical
CVE-2023-2227
was published
for
modoboa
(pip)
Apr 21, 2023
Improper authorization on debug and artifact file downloads
High
CVE-2023-36826
was published
for
sentry
(pip)
Jul 25, 2023
matrix-synapse vulnerable to improper validation of receipts allows forged read receipts
Moderate
CVE-2023-42453
was published
for
matrix-synapse
(pip)
Sep 26, 2023
Apache Airflow allows authenticated and DAG-view authorized users to modify some DAG run detail values when submitting notes
Moderate
CVE-2023-47037
was published
for
apache-airflow
(pip)
Nov 12, 2023
GoogleOAuthenticator.hosted_domain incorrectly verifies membership of an Google organization/workspace
High
CVE-2024-29033
was published
for
oauthenticator
(pip)
Mar 20, 2024
Gradios's CORS origin validation is not performed when the request has a cookie
High
CVE-2024-47084
was published
for
gradio
(pip)
Oct 10, 2024
Gradio's CORS origin validation accepts the null origin
Moderate
CVE-2024-47165
was published
for
gradio
(pip)
Oct 10, 2024
ProTip!
Advisories are also available from the
GraphQL API