Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

53 advisories

Loading
Improper Access Control in janeczku/calibre-web Moderate
CVE-2021-3987 was published for calibreweb (pip) Nov 15, 2024
Access control vulnerable to user data deletion by anonynmous users Moderate
CVE-2024-51734 was published for AccessControl (pip) Nov 4, 2024
n1k9 d-maurer
perrinjerome dataflake
litellm vulnerable to improper access control in team management Moderate
CVE-2024-5710 was published for litellm (pip) Jun 27, 2024
krrishdholakia byt3bl33d3r
Authlib has algorithm confusion with asymmetric public keys High
CVE-2024-37568 was published for authlib (pip) Jun 9, 2024
vantage6 collaboration admins can extend their influence by expanding the collaboration Low
CVE-2024-32969 was published for vantage6 (pip) May 22, 2024
MLflow allows low privilege users to delete any artifact Moderate
CVE-2024-4263 was published for mlflow (pip) May 16, 2024
ZenML Server Remote Privilege Escalation Vulnerability High
CVE-2024-25723 was published for zenml (pip) Feb 27, 2024
hahwul
vantage6 has insecure SSH configuration for node and server containers Moderate
CVE-2024-21653 was published for vantage6 (pip) Jan 30, 2024
pyload Unauthenticated Flask Configuration Leakage vulnerability High
CVE-2024-21644 was published for pyload-ng (pip) Jan 8, 2024
PinkDraconian
Apache Airflow Improper Access Control vulnerability Moderate
CVE-2023-50783 was published for apache-airflow (pip) Dec 21, 2023
Improper Access Control in vantage6 Moderate
CVE-2023-41882 was published for vantage6 (pip) Oct 13, 2023
cross-site inclusion (XSSI) of files in jupyter-server Moderate
CVE-2023-40170 was published for jupyter-server (pip) Aug 29, 2023
Privilege escalation via ApiTokensEndpoint High
CVE-2023-39349 was published for sentry (pip) Aug 8, 2023
LTiDi2000
Apache Superset has Improper Access Control Moderate
CVE-2022-45438 was published for apache-superset (pip) Jan 16, 2023
rdiffweb Improper Access Control vulnerability Critical
CVE-2022-4724 was published for rdiffweb (pip) Dec 27, 2022
Sentry vulnerable to invite code reuse via cookie manipulation Moderate
CVE-2022-23485 was published for sentry (pip) Dec 12, 2022
tdunlap607
GNU Mailman Postorius Access Control Issues Moderate
CVE-2021-40347 was published for postorius (pip) May 24, 2022
OctoPrint Incorrect Access Control High
CVE-2021-32560 was published for octoprint (pip) May 24, 2022
Maltego incorrectly shares a MISP connection across users in a remote-transform use case Critical
CVE-2020-12889 was published for MISP-maltego (pip) May 24, 2022
westonsteimel
Openstack Octavia Access Control Vulnerability Moderate
CVE-2019-3895 was published for octavia (pip) May 24, 2022
OpenStack Keystone Allows Remote User Account Creation High
CVE-2012-3542 was published for keystone (pip) May 17, 2022
MoinMoin Improper Access Control Moderate
CVE-2012-4404 was published for moin (pip) May 17, 2022
Plone Improper Access Control Vulnerability High
CVE-2013-4197 was published for plone (pip) May 17, 2022
ProTip! Advisories are also available from the GraphQL API