GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,248
Erlang
31
GitHub Actions
21
Go
2,016
Maven
5,000+
npm
3,721
NuGet
662
pip
3,400
Pub
11
RubyGems
890
Rust
852
Swift
36
Unreviewed advisories
All unreviewed
5,000+
61 advisories
Filter by severity
OpenDaylight Authentication, Authorization and Accounting (AAA) peer impersonation vulnerability
Moderate
CVE-2024-46943
was published
for
org.opendaylight.aaa:aaa-artifacts
(Maven)
Sep 16, 2024
Eclipse Dataspace Components's ConsumerPullTransferTokenValidationApiController doesn't check for token validit
Moderate
CVE-2024-8642
was published
for
org.eclipse.edc:transfer-data-plane
(Maven)
Sep 11, 2024
Spring Security Missing Authorization vulnerability
Moderate
CVE-2024-38810
was published
for
org.springframework.security:spring-security-core
(Maven)
Aug 20, 2024
Alpine allows Authentication Filter bypass
Moderate
CVE-2022-23554
was published
for
us.springett:alpine
(Maven)
Aug 5, 2024
Apache Submarine Commons Utils has a hard-coded secret
Moderate
CVE-2024-36264
was published
for
apache-submarine
(Maven)
Jun 12, 2024
Quarkus: authorization flaw in quarkus resteasy reactive and classic
Moderate
CVE-2023-5675
was published
for
io.quarkus:quarkus-resteasy-reactive-common
(Maven)
Apr 25, 2024
Keycloak vulnerable to session hijacking via re-authentication
Moderate
CVE-2023-6787
was published
for
org.keycloak:keycloak-services
(Maven)
Apr 17, 2024
Keycloak secondary factor bypass in step-up authentication
Moderate
CVE-2023-3597
was published
for
org.keycloak:keycloak-services
(Maven)
Apr 17, 2024
Improper Authentication in Spring Authorization Server
Moderate
CVE-2024-22258
was published
for
org.springframework.security:spring-security-oauth2-authorization-server
(Maven)
Mar 20, 2024
Apache Ozone Improper Authentication vulnerability
Moderate
CVE-2023-39196
was published
for
org.apache.ozone:ozone-main
(Maven)
Feb 7, 2024
WebAuthn4J Spring Security Improper signature counter value handling
Moderate
CVE-2023-45669
was published
for
com.webauthn4j:webauthn4j-spring-security-core
(Maven)
Oct 17, 2023
Keycloak: Impersonation and lockout possible through incorrect handling of email trust
Moderate
CVE-2023-0105
was published
for
org.keycloak:keycloak-core
(Maven)
Jul 18, 2023
Apache Pulsar Broker Improper Authentication vulnerability
Moderate
CVE-2023-31007
was published
for
org.apache.pulsar:pulsar-broker
(Maven)
Jul 12, 2023
Vert.x STOMP server process client frames that would not send initially a connect frame
Moderate
CVE-2023-32081
was published
for
io.vertx:vertx-stomp
(Maven)
May 12, 2023
Apache DolphinScheduler's python gateway suffered from improper authentication
Moderate
CVE-2023-25601
was published
for
org.apache.dolphinscheduler:dolphinscheduler-api
(Maven)
Apr 20, 2023
Issue with whitespace in JWT roles in OpenSearch
Moderate
CVE-2023-23612
was published
for
org.opensearch:opensearch-security
(Maven)
Jan 24, 2023
Duplicate Advisory: Keycloak allows impersonation and lockout due to email trust not being handled correctly
Moderate
GHSA-vhvq-jh34-3fc8
was published
for
org.keycloak:keycloak-core
(Maven)
Jan 13, 2023
•
withdrawn
Keycloak vulnerable to session takeover with OIDC offline refreshtokens
Moderate
CVE-2022-3916
was published
for
org.keycloak:keycloak-parent
(Maven)
Dec 13, 2022
Lin CMS vulnerable to Improper Authentication
Moderate
CVE-2022-44244
was published
for
Lin-CMS
(Maven)
Nov 10, 2022
JetBrain Ktor before 2.1.0 vulnerable to selection of wrong authentication provider
Moderate
CVE-2022-38180
was published
for
io.ktor:ktor
(Maven)
Aug 13, 2022
Jenkins Google Login Plugin 1.0 and 1.1 allows anonymous users to authenticate through client-side request modification
Moderate
CVE-2015-5298
was published
for
org.jenkins-ci.plugins:google-login
(Maven)
Jul 8, 2022
Limited Authentication Bypass for Media Files
Moderate
CVE-2022-29237
was published
for
org.opencastproject:opencast-ingest-service-impl
(Maven)
May 25, 2022
Keycloak discloses information without authentication
Moderate
CVE-2020-27838
was published
for
org.keycloak:keycloak-core
(Maven)
May 24, 2022
Improper Authentication in Apache MyFaces
Moderate
CVE-2010-2057
was published
for
org.apache.myfaces.core:myfaces-impl
(Maven)
May 17, 2022
Apache Axis2 Vulnerable to XML Signature wrapping attack
Moderate
CVE-2012-4418
was published
for
org.apache.axis2:axis2
(Maven)
May 17, 2022
ProTip!
Advisories are also available from the
GraphQL API