Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
44
GitHub Actions
46
Go
3,270
Maven
5,000+
npm
5,000+
NuGet
867
pip
4,517
Pub
12
RubyGems
998
Rust
1,194
Swift
51
Unreviewed advisories
All unreviewed
5,000+

25 advisories

Loading
Frigte has broken access control viewer user can delete admin and other users account High
CVE-2026-33125 was published for frigate (pip) Mar 18, 2026
czerlun Credited to czerlun
Label Studio is vulnerable to full account takeover by chaining Stored XSS + IDOR in User Profile via custom_hotkeys field High
CVE-2026-22033 was published for label-studio (pip) Jan 12, 2026
david3107 Credited to david3107
FastAPI Users Vulnerable to 1-click Account Takeover in Apps Using FastAPI SSO Moderate
CVE-2025-68481 was published for fastapi-users (pip) Dec 19, 2025
davidbors-snyk Credited to davidbors-snyk
FastAPI SSP is vulnerable to Cross-site Request Forgery (CSRF) through improper OAuth parameter validation Moderate
CVE-2025-14546 was published for fastapi-sso (pip) Dec 19, 2025
Weblate has Systematic User and Project Enumeration via Broken Authorization in REST API (IDOR) Moderate
CVE-2025-67715 was published for Weblate (pip) Dec 15, 2025
naxus-audit Credited to naxus-audit and nijel nijel nijel
Apache Superset allows authenticated users to discover metadata about datasources they don't have permission to access Moderate
CVE-2025-55675 was published for apache-superset (pip) Aug 14, 2025
Salt vulnerable to arbitrary event injection High
CVE-2025-22239 was published for salt (pip) Jun 13, 2025
Apache Superset Allows Ownership Takeover Moderate
CVE-2025-27696 was published for apache-superset (pip) May 13, 2025
LiteLLM Has an Improper Authorization Vulnerability High
CVE-2025-0628 was published for litellm (pip) Mar 20, 2025
Gradio Blocked Path ACL Bypass Vulnerability Critical
CVE-2025-23042 was published for gradio (pip) Jan 14, 2025
superboy-zjc Credited to superboy-zjc and jackfromeast jackfromeast jackfromeast
Apache Superset: SQLLab Improper readonly query validation allows unauthorized write access High
CVE-2024-55633 was published for apache-superset (pip) Dec 12, 2024
Apache Superset: Lower privilege users are able to create Role when FAB_ADD_SECURITY_API is enabled High
CVE-2024-53949 was published for apache-superset (pip) Dec 9, 2024
Gradio's CORS origin validation accepts the null origin Moderate
CVE-2024-47165 was published for gradio (pip) Oct 10, 2024
ahpaleus Credited to ahpaleus and Vasco-jofra Vasco-jofra Vasco-jofra
Gradios's CORS origin validation is not performed when the request has a cookie High
CVE-2024-47084 was published for gradio (pip) Oct 10, 2024
ahpaleus Credited to ahpaleus and Vasco-jofra Vasco-jofra Vasco-jofra
GoogleOAuthenticator.hosted_domain incorrectly verifies membership of an Google organization/workspace High
CVE-2024-29033 was published for oauthenticator (pip) Mar 20, 2024
manics Credited to manics, consideRatio, and betatim consideRatio consideRatio
betatim betatim
Apache Airflow allows authenticated and DAG-view authorized users to modify some DAG run detail values when submitting notes Moderate
CVE-2023-47037 was published for apache-airflow (pip) Nov 12, 2023
r3kumar Credited to r3kumar and sunSUNQ sunSUNQ sunSUNQ
matrix-synapse vulnerable to improper validation of receipts allows forged read receipts Moderate
CVE-2023-42453 was published for matrix-synapse (pip) Sep 26, 2023
Improper authorization on debug and artifact file downloads High
CVE-2023-36826 was published for sentry (pip) Jul 25, 2023
Swatinem Credited to Swatinem
Improper Authorization in modoboa Critical
CVE-2023-2227 was published for modoboa (pip) Apr 21, 2023
Apache Airflow may allow authenticated users who have been deactivated to continue using the UI or API High
CVE-2022-41672 was published for apache-airflow (pip) Oct 7, 2022
sunSUNQ Credited to sunSUNQ
Improper Authorization in cobbler Moderate
CVE-2022-0860 was published for cobbler (pip) Mar 11, 2022
ysf Credited to ysf
Improper Authorization and Origin Validation Error in OneFuzz Critical
CVE-2021-37705 was published for onefuzz (pip) Aug 13, 2021
Dynamic modification of RPyC service due to missing security check High
CVE-2019-16328 was published for rpyc (pip) Feb 17, 2021
comrumino Credited to comrumino
Unauthorized privilege escalation in Mod module Moderate
CVE-2020-15278 was published for red-discordbot (pip) Oct 27, 2020
Jackenmen Credited to Jackenmen
2FA bypass through deleting devices in wagtail-2fa Moderate
CVE-2020-5240 was published for wagtail-2fa (pip) Mar 13, 2020
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database