Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,988
Erlang
29
GitHub Actions
16
Go
1,778
Maven
5,000+
npm
3,542
NuGet
619
pip
3,127
Pub
10
RubyGems
838
Rust
791
Swift
34
Unreviewed advisories
All unreviewed
5,000+

25 advisories

Loading
pysaml2 Improper Authentication vulnerability High
CVE-2017-1000433 was published for pysaml2 (pip) Jul 13, 2018
tdunlap607
Python-saml allows manipulation of SAML data without invalidation of cryptographic signature High
CVE-2017-11427 was published for python-saml (pip) Jul 5, 2019
LDAP authentication bypass with empty password High
CVE-2020-26214 was published for alerta-server (pip) Nov 6, 2020
CasperGN
Improper Authentication High
GHSA-cqff-fx2x-p86v was published for botframework-connector (pip) Mar 8, 2021
Logic error in authentication in proxy.py High
CVE-2021-3116 was published for proxy.py (pip) Apr 7, 2021
Improper Authentication in Flask-AppBuilder High
CVE-2021-41265 was published for Flask-AppBuilder (pip) Dec 9, 2021
Potential bypass of an upstream access control based on URL paths in Django High
CVE-2021-44420 was published for Django (pip) Dec 9, 2021
Improper Authentication in FreeTAKServer High
CVE-2022-25508 was published for FreeTAKServer (pip) Mar 12, 2022
Improper Authentication in django-mfa3 High
CVE-2022-24857 was published for django-mfa3 (pip) Apr 22, 2022
stefanw
Zope DTML implementation Improper Authentication High
CVE-2000-0062 was published for zope (pip) Apr 30, 2022
Zope does not properly perform security registration for legacy names High
CVE-2000-1211 was published for zope (pip) Apr 30, 2022
Improper Authentication in pyftpdlib High
CVE-2007-6737 was published for pyftpdlib (pip) May 1, 2022
Zope Object Database (ZODB) Authentication bypass in ZEO storage servers High
CVE-2009-0669 was published for ZODB3 (pip) May 2, 2022
anonymous4ACL24
python-kerberos vulnerable to KDC spoofing attacks High
CVE-2015-3206 was published for kerberos (pip) May 14, 2022
OpenStack Keystone Improper Authentication vulnerability High
CVE-2012-4456 was published for keystone (pip) May 14, 2022
SaltStack Salt Authentication Bypass when using the local_batch client from salt-api High
CVE-2017-5192 was published for salt (pip) May 17, 2022
OpenStack Identity (Keystone) DoS through V3 API authentication chaining High
CVE-2014-2828 was published for keystone (pip) May 17, 2022
Improper Authentication in pyftpdlib High
CVE-2008-7263 was published for pyftpdlib (pip) May 17, 2022
Saltstack Salt Unauthenticated Arbitrary Code Execution High
CVE-2021-25315 was published for salt (pip) May 24, 2022
furlongm openvpn-monitor allows Authorization Bypass to disconnect arbitrary clients High
CVE-2021-31606 was published for openvpn-monitor (pip) May 24, 2022
Flower OAuth authentication bypass High
CVE-2022-30034 was published for flower (pip) Jun 3, 2022
tprynn
When matrix-nio receives forwarded room keys, the receiver doesn't check if it requested the key from the forwarder High
CVE-2022-39254 was published for matrix-nio (pip) Sep 30, 2022
CKAN contains Improper Authentication leading to account takeover High
CVE-2022-43685 was published for ckan (pip) Nov 22, 2022
rdiffweb vulnerable to Authentication Bypass by Primary Weakness High
CVE-2022-4722 was published for rdiffweb (pip) Dec 27, 2022
asyncua Improper Authentication vulnerability High
CVE-2023-26150 was published for asyncua (pip) Oct 3, 2023
ProTip! Advisories are also available from the GraphQL API