GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
12 advisories
pyload-ng has a WebUI JSON permission mismatch that lets ADD/DELETE users invoke MODIFY-only actions
Moderate: GHSA-rfgh-63mg-8pwm was published for pyload-ng (pip), Apr 8, 2026
FastAPI Users Vulnerable to 1-click Account Takeover in Apps Using FastAPI SSO
Moderate: CVE-2025-68481 was published for fastapi-users (pip), Dec 19, 2025
Weblate has Systematic User and Project Enumeration via Broken Authorization in REST API (IDOR)
Moderate: CVE-2025-67715 was published for Weblate (pip), Dec 15, 2025
FastAPI SSO is vulnerable to Cross-site Request Forgery (CSRF) through improper OAuth parameter validation
Moderate: CVE-2025-14546 was published for fastapi-sso (pip), Dec 19, 2025
Apache Superset allows authenticated users to discover metadata about datasources they don't have permission to access
Moderate: CVE-2025-55675 was published for apache-superset (pip), Aug 14, 2025
Apache Superset Allows Ownership Takeover
Moderate: CVE-2025-27696 was published for apache-superset (pip), May 13, 2025
Apache Airflow allows authenticated and DAG-view authorized users to modify some DAG run detail values when submitting notes
Moderate: CVE-2023-47037 was published for apache-airflow (pip), Nov 12, 2023
Gradio's CORS origin validation accepts the null origin
Moderate: CVE-2024-47165 was published for gradio (pip), Oct 10, 2024
2FA bypass through deleting devices in wagtail-2fa
Moderate: CVE-2020-5240 was published for wagtail-2fa (pip), Mar 13, 2020
Improper Authorization in cobbler
Moderate: CVE-2022-0860 was published for cobbler (pip), Mar 11, 2022
Unauthorized privilege escalation in Mod module
Moderate: CVE-2020-15278 was published for red-discordbot (pip), Oct 27, 2020
matrix-synapse vulnerable to improper validation of receipts allows forged read receipts
Moderate: CVE-2023-42453 was published for matrix-synapse (pip), Sep 26, 2023
ProTip! Advisories are also available from the GraphQL API.