Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,386
Erlang
33
GitHub Actions
22
Go
2,141
Maven
5,000+
npm
3,803
NuGet
687
pip
3,480
Pub
12
RubyGems
897
Rust
898
Swift
38
Unreviewed advisories
All unreviewed
5,000+

61 advisories

Loading
ansible-core Incorrect Authorization vulnerability Moderate
CVE-2024-9902 was published for ansible-core (pip) Nov 6, 2024
Apache Superset incorrect write permissions vulnerability High
CVE-2023-49734 was published for apache-superset (pip) Dec 19, 2023
Duplicate Advisory: Apache Superset - Elevation of Privilege Moderate
GHSA-392c-vjfv-h7wr was published for apache-superset (pip) Nov 27, 2023 withdrawn
Apache Airflow allows authenticated and DAG-view authorized users to modify some DAG run detail values when submitting notes Moderate
CVE-2023-47037 was published for apache-airflow (pip) Nov 12, 2023
r3kumar sunSUNQ
Apache Airflow Incorrect Authorization vulnerability Moderate
CVE-2023-40611 was published for apache-airflow (pip) Sep 12, 2023
sunSUNQ
Apache Superset: Improper validation of SQL statements allows for unauthorized access to data Moderate
CVE-2024-24773 was published for apache-superset (pip) Feb 28, 2024
oscerd
Apache Superset: Improper data authorization when creating a new dataset Moderate
CVE-2024-24779 was published for apache-superset (pip) Feb 28, 2024
oscerd
Apache Superset: Improper authorization validation on dashboards and charts import Moderate
CVE-2024-26016 was published for apache-superset (pip) Feb 28, 2024
oscerd
Apache Submarine Server Core Incorrect Authorization vulnerability Critical
CVE-2024-36265 was published for apache-submarine (Maven) Jun 12, 2024
Apache Superset: Lower privilege users are able to create Role when FAB_ADD_SECURITY_API is enabled High
CVE-2024-53949 was published for apache-superset (pip) Dec 9, 2024
Apache Superset: SQLLab Improper readonly query validation allows unauthorized write access High
CVE-2024-55633 was published for apache-superset (pip) Dec 12, 2024
Letta (previously MemGPT) incorrect access control vulnerability High
CVE-2024-39025 was published for letta (pip) Dec 27, 2024
OpenStack Identity service (keystone) Incorrect Authorization High
CVE-2017-2673 was published for keystone (pip) May 13, 2022
OpenStack Compute Nova Unauthorised access to arbitrary VM using VNC token from deleted VM High
CVE-2013-0335 was published for Nova (pip) May 5, 2022
Nautobot missing object-level permissions enforcement when running Job Buttons Low
CVE-2023-51649 was published for nautobot (pip) Dec 22, 2023
abdikanipd
OpenZeppelin Contracts for Cairo account cannot process transactions on Goerli Moderate
CVE-2022-31153 was published for openzeppelin-cairo-contracts (pip) Jul 15, 2022
Defining resource name as integer may give unintended access in vantage6 Moderate
CVE-2023-28635 was published for vantage6 (pip) Oct 13, 2023
Invalid root may become trusted root in The Update Framework (TUF) Moderate
CVE-2020-15163 was published for tuf (pip) Sep 9, 2020
FlorianVeaux
trytond Incorrect Authorization vulnerability High
CVE-2012-2238 was published for trytond (pip) Apr 23, 2022
Apache Airflow Incorrect Authorization vulnerability High
CVE-2023-35908 was published for apache-airflow (pip) Jul 12, 2023
sunSUNQ
Improper Authorization in cobbler Moderate
CVE-2022-0860 was published for cobbler (pip) Mar 11, 2022
ysf
Incorrect Authorization in calibreweb High
CVE-2022-0273 was published for calibreweb (pip) Jan 31, 2022
Privilege Escalation in Channelmgnt plug-in for Sopel Moderate
CVE-2020-15251 was published for sopel-plugins-channelmgnt (pip) Oct 13, 2020
RhinosF1
Salt's PAM auth fails to reject locked accounts High
CVE-2022-22967 was published for salt (pip) Jun 25, 2022
Incorrect Authorization and Exposure of Sensitive Information to an Unauthorized Actor in scrapy Moderate
CVE-2022-0577 was published for scrapy (pip) Mar 1, 2022
ranjit-git
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database