Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

16 advisories

Loading
2FA bypass in Wagtail through new device path Moderate
CVE-2019-16766 was published for wagtail-2fa (pip) Nov 29, 2019
Implementation trusts the "me" field returned by the authorization server without verifying it Critical
GHSA-mjcr-rqjg-rhg3 was published for datasette-indieauth (pip) Nov 24, 2020
Verification check bypass in Gate One Moderate
CVE-2020-19003 was published for gateone (pip) Oct 12, 2021
Django WSGI Header Spoofing Vulnerability Moderate
CVE-2015-0219 was published for Django (pip) May 17, 2022
python-jwt vulnerable to token forgery with new claims Critical
CVE-2022-39227 was published for python-jwt (pip) Sep 21, 2022
TomTervoort Credited to TomTervoort
Domain restrictions bypass via DNS Rebinding in WireMock and WireMock Studio webhooks, proxy and recorder modes Low
CVE-2023-41329 was published for com.github.tomakehurst:wiremock-jre8 (Maven) Sep 8, 2023
W0rty Credited to W0rty, numacanedo, tomakehurst, Mahoney, and oleg-nenashev numacanedo numacanedo
tomakehurst tomakehurst Mahoney Mahoney oleg-nenashev oleg-nenashev
pretix potential IP address spoofing vulnerability Moderate
CVE-2023-44463 was published for pretix (pip) Oct 2, 2023
OctoPrint has an Authentication Bypass via X-Forwarded-For Header when autologinLocal is enabled High
CVE-2024-32977 was published for OctoPrint (pip) May 14, 2024
jacopotediosi Credited to jacopotediosi
OctoPrint Authenticated Reverse Proxy Page Authentication Bypass Moderate
CVE-2025-32788 was published for octoprint (pip) Apr 22, 2025
jacopotediosi Credited to jacopotediosi
PinkDraconian Credited to PinkDraconian
Python Social Auth - Django has unsafe account association Moderate
CVE-2025-61783 was published for social-auth-app-django (pip) Oct 9, 2025
mel-mason Credited to mel-mason, vanya909, and nijel vanya909 vanya909
nijel nijel
Auth0OAuthenticator has an Authentication Bypass via Unverified Email Claims High
CVE-2026-33175 was published for oauthenticator (pip) Apr 3, 2026
Jaynornj Credited to Jaynornj and Pr00fOf3xpl0it Pr00fOf3xpl0it Pr00fOf3xpl0it
Django vulnerable to ASGI header spoofing via underscore/hyphen conflation High
CVE-2026-3902 was published for Django (pip) Apr 7, 2026
Sentry's improper authentication on SAML SSO process allows user identity linking Critical
CVE-2026-42354 was published for sentry (pip) Apr 30, 2026
jaydns Credited to jaydns
Codechecker has an authentication bypass for certain API calls Critical
CVE-2026-25660 was published for codechecker (pip) May 5, 2026
mtolley Credited to mtolley
LiteLLM: Authentication Bypass via Host Header Injection Critical
CVE-2026-49468 was published for litellm (pip) Jun 16, 2026
LilThawg29 Credited to LilThawg29
ProTip! Advisories are also available from the GraphQL API