Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,055
Erlang
29
GitHub Actions
19
Go
1,889
Maven
5,000+
npm
3,605
NuGet
638
pip
3,208
Pub
10
RubyGems
852
Rust
816
Swift
35
Unreviewed advisories
All unreviewed
5,000+

27 advisories

Loading
Incorrect Authorization in calibreweb Moderate
CVE-2022-0273 was published for calibreweb (pip) Jan 31, 2022
Red-DiscordBot vulnerable to Incorrect Authorization in commands API Moderate
CVE-2024-39905 was published for Red-DiscordBot (pip) Jul 11, 2024
Flame442
openstack-barbican Denial of Service vulnerability Moderate
CVE-2022-23452 was published for barbican (pip) Sep 2, 2022
Apache Superset Incorrect Authorization vulnerability Moderate
CVE-2024-28148 was published for apache-superset (pip) May 7, 2024
vantage6's CORS settings overly permissive Moderate
CVE-2024-23823 was published for vantage6 (pip) Mar 15, 2024
Apache Superset: Improper authorization validation on dashboards and charts import Moderate
CVE-2024-26016 was published for apache-superset (pip) Feb 28, 2024
oscerd
Apache Airflow allows authenticated and DAG-view authorized users to modify some DAG run detail values when submitting notes Moderate
CVE-2023-47037 was published for apache-airflow (pip) Nov 12, 2023
r3kumar sunSUNQ
Apache Airflow Incorrect Authorization vulnerability Moderate
CVE-2023-40611 was published for apache-airflow (pip) Sep 12, 2023
sunSUNQ
Apache Airflow Incorrect Authorization vulnerability Moderate
CVE-2023-35908 was published for apache-airflow (pip) Jul 12, 2023
sunSUNQ
Apache Superset: Improper data authorization when creating a new dataset Moderate
CVE-2024-24779 was published for apache-superset (pip) Feb 28, 2024
oscerd
Apache Superset: Improper validation of SQL statements allows for unauthorized access to data Moderate
CVE-2024-24773 was published for apache-superset (pip) Feb 28, 2024
oscerd
Duplicate Advisory: Apache Superset - Elevation of Privilege Moderate
GHSA-392c-vjfv-h7wr was published for apache-superset (pip) Nov 27, 2023 withdrawn
Incorrect Authorization and Exposure of Sensitive Information to an Unauthorized Actor in scrapy Moderate
CVE-2022-0577 was published for scrapy (pip) Mar 1, 2022
ranjit-git
Fides Information Disclosure Vulnerability in Config API Endpoint Moderate
CVE-2023-46125 was published for ethyca-fides (pip) Oct 24, 2023
h0wl
Apache Superset vulnerable to improper data authorization Moderate
CVE-2023-27523 was published for apache-superset (pip) Sep 6, 2023
Apache Superset has incorrect authorization check Moderate
CVE-2023-32672 was published for apache-superset (pip) Sep 6, 2023
Sentry CORS misconfiguration Moderate
CVE-2023-36829 was published for sentry (pip) Jul 6, 2023
andr0idp4r4n0id
Apache Superset users may incorrectly create resources using the import charts feature Moderate
CVE-2023-27526 was published for apache-superset (pip) Sep 6, 2023
Defining resource name as integer may give unintended access in vantage6 Moderate
CVE-2023-28635 was published for vantage6 (pip) Oct 13, 2023
Vyper has incorrectly allocated named re-entrancy locks Moderate
CVE-2023-39363 was published for vyper (pip) Aug 9, 2023
Apache Superset has improper default REST API permission for Gamma users Moderate
CVE-2023-36387 was published for apache-superset (pip) Sep 6, 2023
Apache Superset vulnerable to Improper Authorization Moderate
CVE-2023-27525 was published for apache-superset (pip) Apr 17, 2023
Possible pod name collisions in jupyterhub-kubespawner Moderate
CVE-2020-15110 was published for jupyterhub-kubespawner (pip) Jul 22, 2020
OpenZeppelin Contracts for Cairo account cannot process transactions on Goerli Moderate
CVE-2022-31153 was published for openzeppelin-cairo-contracts (pip) Jul 15, 2022
Access control issue in AlekSIS-Core Moderate
CVE-2022-29773 was published for aleksis-core (pip) Jun 4, 2022
ProTip! Advisories are also available from the GraphQL API