Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,737
Maven
5,000+
npm
4,337
NuGet
764
pip
4,112
Pub
12
RubyGems
960
Rust
1,068
Swift
45
Unreviewed advisories
All unreviewed
5,000+

60 advisories

Loading
open-webui is Vulnerable to Incorrect Access Control Low
CVE-2025-63681 was published for open-webui (pip) Dec 4, 2025
arcade-mcp-server Has Default Hardcoded Worker Secret That Allows Full Unauthorized Access to All HTTP MCP Worker Endpoints Moderate
CVE-2025-66454 was published for arcade-mcp-server (pip) Dec 2, 2025
qi-scape
Credited to qi-scape
Apache Doris-MCP-Server: Improper Access Control results in bypassing a "read-only" mode Moderate
CVE-2025-58337 was published for doris-mcp-server (pip) Nov 5, 2025
lirantal
Credited to lirantal
Authlib has algorithm confusion with asymmetric public keys High
CVE-2024-37568 was published for authlib (pip) Jun 9, 2024
Aim Improper Access Control Moderate
CVE-2024-8238 was published for aim (pip) Mar 20, 2025
litellm vulnerable to improper access control in team management Moderate
CVE-2024-5710 was published for litellm (pip) Jun 27, 2024
krrishdholakia byt3bl33d3r
Credited to krrishdholakia and byt3bl33d3r
pyLoad is vulnerable to attacks that bypass localhost restrictions, enabling the creation of arbitrary packages High
CVE-2025-7346 was published for pyload-ng (pip) Jul 8, 2025
PinkDraconian
Credited to PinkDraconian
Reflex vulnerable to private state fields modification High
CVE-2025-47425 was published for reflex (pip) May 15, 2025
adhami3310 masenf
Kastier1
Credited to adhami3310, masenf, and Kastier1
Roundup Improper Access Control Moderate
CVE-2009-2737 was published for Roundup (pip) May 2, 2022
anonymous4ACL24
Credited to anonymous4ACL24
Roundup xml-rpc server improper check of property permissions Critical
CVE-2008-1475 was published for roundup (pip) May 1, 2022
anonymous4ACL24
Credited to anonymous4ACL24
Flask-CORS allows the `Access-Control-Allow-Private-Network` CORS header to be set to true by default High
CVE-2024-6221 was published for Flask-Cors (pip) Aug 18, 2024
adrianosela Alex-ley-scrub
icarocd
Credited to adrianosela, Alex-ley-scrub, and icarocd
Bots using py-cord as Discord API wrapper are vulnerable to shutdowns through remote code execution High
CVE-2022-36024 was published for py-cord (pip) Aug 18, 2022
NeloBlivion BobDotCom
Credited to NeloBlivion and BobDotCom
OpenStack Identity Keystone Improper Access Control Moderate
CVE-2016-4911 was published for keystone (pip) May 17, 2022
MoinMoin Access Restrictions Bypassed due to improper ACL enforcement High
CVE-2008-6603 was published for moin (pip) May 17, 2022
OpenStack Compute (Nova) Improper Access Control Moderate
CVE-2015-2687 was published for nova (pip) May 17, 2022
MoinMoin vulnerable to privilege escalation High
CVE-2008-1937 was published for moin (pip) May 1, 2022
Apache Airflow Improper Access Control vulnerability Moderate
CVE-2023-50783 was published for apache-airflow (pip) Dec 21, 2023
Improper Access Control in janeczku/calibre-web Moderate
CVE-2021-3987 was published for calibreweb (pip) Nov 15, 2024
Improper Access Control in vantage6 Moderate
CVE-2023-41882 was published for vantage6 (pip) Oct 13, 2023
ZenML Server Remote Privilege Escalation Vulnerability High
CVE-2024-25723 was published for zenml (pip) Feb 27, 2024
hahwul
Credited to hahwul
Django Access Restrictions Bypass High
CVE-2016-2048 was published for django (pip) May 17, 2022
MarkLee131
Credited to MarkLee131
Incorrect Authorization in calibreweb High
CVE-2022-0273 was published for calibreweb (pip) Jan 31, 2022
Improper Access Control in Apache Airflow High
CVE-2021-26559 was published for apache-airflow (pip) Apr 7, 2021
sunSUNQ
Credited to sunSUNQ
Access control vulnerable to user data deletion by anonynmous users Moderate
CVE-2024-51734 was published for AccessControl (pip) Nov 4, 2024
n1k9 d-maurer
perrinjerome dataflake
Credited to n1k9, d-maurer, perrinjerome, and dataflake
rdiffweb Improper Access Control vulnerability Critical
CVE-2022-4724 was published for rdiffweb (pip) Dec 27, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database