GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
101
GitHub Actions
54
Go
4,282
Maven
5,000+
npm
5,000+
NuGet
1,029
pip
5,000+
Pub
13
RubyGems
1,105
Rust
1,490
Swift
61
Unreviewed advisories
All unreviewed
5,000+
38 advisories
Filter by severity
Dynamic modification of RPyC service due to missing security check
High
CVE-2019-16328
was published
for
rpyc
(pip)
Feb 17, 2021
GoogleOAuthenticator.hosted_domain incorrectly verifies membership of an Google organization/workspace
High
CVE-2024-29033
was published
for
oauthenticator
(pip)
Mar 20, 2024
Apache Airflow may allow authenticated users who have been deactivated to continue using the UI or API
High
CVE-2022-41672
was published
for
apache-airflow
(pip)
Oct 7, 2022
matrix-synapse vulnerable to improper validation of receipts allows forged read receipts
Moderate
CVE-2023-42453
was published
for
matrix-synapse
(pip)
Sep 26, 2023
Improper Authorization in modoboa
Critical
CVE-2023-2227
was published
for
modoboa
(pip)
Apr 21, 2023
Improper Authorization and Origin Validation Error in OneFuzz
Critical
CVE-2021-37705
was published
for
onefuzz
(pip)
Aug 13, 2021
Unauthorized privilege escalation in Mod module
Moderate
CVE-2020-15278
was published
for
red-discordbot
(pip)
Oct 27, 2020
Improper authorization on debug and artifact file downloads
High
CVE-2023-36826
was published
for
sentry
(pip)
Jul 25, 2023
Improper Authorization in cobbler
Moderate
CVE-2022-0860
was published
for
cobbler
(pip)
Mar 11, 2022
2FA bypass through deleting devices in wagtail-2fa
Moderate
CVE-2020-5240
was published
for
wagtail-2fa
(pip)
Mar 13, 2020
Gradio's CORS origin validation accepts the null origin
Moderate
CVE-2024-47165
was published
for
gradio
(pip)
Oct 10, 2024
Gradios's CORS origin validation is not performed when the request has a cookie
High
CVE-2024-47084
was published
for
gradio
(pip)
Oct 10, 2024
Apache Superset: SQLLab Improper readonly query validation allows unauthorized write access
High
CVE-2024-55633
was published
for
apache-superset
(pip)
Dec 12, 2024
Apache Superset: Lower privilege users are able to create Role when FAB_ADD_SECURITY_API is enabled
High
CVE-2024-53949
was published
for
apache-superset
(pip)
Dec 9, 2024
Apache Airflow allows authenticated and DAG-view authorized users to modify some DAG run detail values when submitting notes
Moderate
CVE-2023-47037
was published
for
apache-airflow
(pip)
Nov 12, 2023
Salt vulnerable to arbitrary event injection
High
CVE-2025-22239
was published
for
salt
(pip)
Jun 13, 2025
Apache Superset Allows Ownership Takeover
Moderate
CVE-2025-27696
was published
for
apache-superset
(pip)
May 13, 2025
LiteLLM Has an Improper Authorization Vulnerability
High
CVE-2025-0628
was published
for
litellm
(pip)
Mar 20, 2025
Apache Superset allows authenticated users to discover metadata about datasources they don't have permission to access
Moderate
CVE-2025-55675
was published
for
apache-superset
(pip)
Aug 14, 2025
FastAPI SSP is vulnerable to Cross-site Request Forgery (CSRF) through improper OAuth parameter validation
Moderate
CVE-2025-14546
was published
for
fastapi-sso
(pip)
Dec 19, 2025
FastAPI Users Vulnerable to 1-click Account Takeover in Apps Using FastAPI SSO
Moderate
CVE-2025-68481
was published
for
fastapi-users
(pip)
Dec 19, 2025
Label Studio is vulnerable to full account takeover by chaining Stored XSS + IDOR in User Profile via custom_hotkeys field
High
CVE-2026-22033
was published
for
label-studio
(pip)
Jan 12, 2026
Frigte has broken access control viewer user can delete admin and other users account
High
CVE-2026-33125
was published
for
frigate
(pip)
Mar 18, 2026
SciTokens has an Authorization Bypass via Incorrect Scope Path Prefix Checking
High
CVE-2026-32716
was published
for
scitokens
(pip)
Mar 31, 2026
Open WebUI has Broken Access Control in Tool Valves
High
CVE-2026-34222
was published
for
open-webui
(pip)
Apr 1, 2026
ProTip!
Advisories are also available from the
GraphQL API