Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
46
GitHub Actions
48
Go
3,343
Maven
5,000+
npm
5,000+
NuGet
881
pip
4,550
Pub
12
RubyGems
1,013
Rust
1,203
Swift
51
Unreviewed advisories
All unreviewed
5,000+

82 advisories

Loading
Improper Authentication and Origin Validation Error in pyload-ng Moderate
CVE-2026-33314 was published for pyload-ng (pip) Mar 19, 2026
Jaynornj Credited to Jaynornj and Pr00fOf3xpl0it Pr00fOf3xpl0it Pr00fOf3xpl0it
Salt Authentication Protocol Version Downgrade Allows Minion Impersonation High
CVE-2025-62349 was published for salt (pip) Jan 30, 2026
wolfSSL Python module vulnerable to Improper Authentication Critical
CVE-2025-15346 was published for wolfssl (pip) Jan 8, 2026
rhdesmond Credited to rhdesmond
django-allauth's Okta and NetIQ implementations used a mutable identifier for authorization decisions Moderate
CVE-2025-65431 was published for django-allauth (pip) Dec 15, 2025
FastMCP Auth Integration Allows for Confused Deputy Account Takeover High
GHSA-c2jp-c369-7pvx was published for fastmcp (pip) Oct 29, 2025
localden Credited to localden
Flask App Builder has an Authentication Bypass vulnerability when using non AUTH_DB methods Moderate
CVE-2025-58065 was published for flask-appbuilder (pip) Sep 11, 2025
Salt has minion event bus authorization bypass vulnerability High
CVE-2025-22236 was published for salt (pip) Jun 13, 2025
Salt's salt.auth.pki module does not properly authenticate callers Moderate
CVE-2024-38825 was published for salt (pip) Jun 13, 2025
Open WebUI lacks authentication for the `api/v1/utils/pdf` endpoint High
CVE-2024-8053 was published for open-webui (pip) Mar 20, 2025
Sentry's improper authentication on SAML SSO process allows user impersonation Critical
CVE-2025-22146 was published for sentry (pip) Jan 15, 2025
Muhammad-Qasim-Munir Credited to Muhammad-Qasim-Munir
NiceGUI On Air authentication issue High
CVE-2025-21618 was published for nicegui (pip) Jan 6, 2025
streamcfd Credited to streamcfd and rodja rodja rodja
djoser Authentication Bypass High
CVE-2024-21543 was published for djoser (pip) Dec 13, 2024
cobbler allows anyone to connect to cobbler XML-RPC server with known password and make changes Critical
CVE-2024-47533 was published for cobbler (pip) Nov 18, 2024
opoplawski Credited to opoplawski
Apache Submarine Commons Utils has a hard-coded secret Moderate
CVE-2024-36264 was published for apache-submarine (Maven) Jun 12, 2024
Improper authentication in zenml Low
CVE-2024-2213 was published for zenml (pip) Jun 6, 2024
jupyter-scheduler's endpoint is missing authentication Moderate
CVE-2024-28188 was published for jupyter-scheduler (pip) May 23, 2024
krassowski Credited to krassowski, Carreau, andrii-i, dlqqq, and yuvipanda Carreau Carreau
andrii-i andrii-i dlqqq dlqqq yuvipanda yuvipanda
Flask-AppBuilder vulnerable to incorrect authentication when using auth type OpenID Critical
CVE-2024-25128 was published for Flask-AppBuilder (pip) Feb 28, 2024
parantheses Credited to parantheses and dpgaspar dpgaspar dpgaspar
OctoPrint Unverified Password Change via Access Control Settings Moderate
CVE-2024-23637 was published for OctoPrint (pip) Jan 31, 2024
tkruppert Credited to tkruppert
asyncua Improper Authentication vulnerability High
CVE-2023-26150 was published for asyncua (pip) Oct 3, 2023
Sentry vulnerable to incorrect credential validation on OAuth token requests Moderate
CVE-2023-39531 was published for sentry (pip) Aug 9, 2023
EricHasegawa Credited to EricHasegawa
Synapse has improper checks for deactivated users during login Moderate
CVE-2023-32682 was published for matrix-synapse (pip) Jun 6, 2023
Apache IoTDB Grafana Connector vulnerable to Improper Authentication Critical
CVE-2023-24831 was published for apache-iotdb (Maven) Apr 17, 2023
rdiffweb vulnerable to Authentication Bypass by Primary Weakness High
CVE-2022-4722 was published for rdiffweb (pip) Dec 27, 2022
CKAN contains Improper Authentication leading to account takeover High
CVE-2022-43685 was published for ckan (pip) Nov 22, 2022
Lin CMS vulnerable to Improper Authentication Moderate
CVE-2022-44244 was published for Lin-CMS (Maven) Nov 10, 2022
aruneko Credited to aruneko and richardfan0606 richardfan0606 richardfan0606
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database