Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

13 advisories

Loading
2FA bypass in Wagtail through new device path Moderate
CVE-2019-16766 was published for wagtail-2fa (pip) Nov 29, 2019
CoreDNS Cache Poisoning via a birthday attack Moderate
CVE-2023-30464 was published for github.com/coredns/coredns (Go) Sep 18, 2024
pretix potential IP address spoofing vulnerability Moderate
CVE-2023-44463 was published for pretix (pip) Oct 2, 2023
Verification check bypass in Gate One Moderate
CVE-2020-19003 was published for gateone (pip) Oct 12, 2021
Django WSGI Header Spoofing Vulnerability Moderate
CVE-2015-0219 was published for Django (pip) May 17, 2022
Apache Zeppelin: Replacing other users notebook, bypassing any permissions Moderate
CVE-2024-31863 was published for org.apache.zeppelin:zeppelin-server (Maven) Apr 9, 2024
Authentication Bypass by Spoofing in github.com/greenpau/caddy-security Moderate
CVE-2024-21494 was published for github.com/greenpau/caddy-security (Go) Feb 17, 2024
Header spoofing in caddy-geo-ip Moderate
CVE-2023-50463 was published for github.com/shift72/caddy-geo-ip (Go) Dec 11, 2023
Electron vulnerable to URL spoofing via PDFium Moderate
CVE-2017-1000424 was published for Electron (npm) May 13, 2022
jhutchings1
Microweber before 1.2.21 allows attacker to bypass IP detection to brute-force password Moderate
CVE-2022-2368 was published for microweber/microweber (Composer) Jul 12, 2022
Kiali Authentication Bypass vulnerability Moderate
CVE-2021-20278 was published for github.com/kiali/kiali (Go) Jun 1, 2021
NextAuth.js default redirect callback vulnerable to open redirects Moderate
CVE-2022-24858 was published for next-auth (npm) Apr 22, 2022
rustyguts
Verification flaw in Solid identity-token-verifier Moderate
GHSA-xmh9-rg6f-j3mr was published for @solid/identity-token-verifier (npm) Mar 12, 2021
ProTip! Advisories are also available from the GraphQL API