GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,248
Erlang
31
GitHub Actions
21
Go
2,016
Maven
5,000+
npm
3,721
NuGet
662
pip
3,400
Pub
11
RubyGems
890
Rust
852
Swift
36
Unreviewed advisories
All unreviewed
5,000+
44 advisories
Filter by severity
Improper Authentication in org.keycloak:keycloak-core
High
CVE-2016-8609
was published
for
org.keycloak:keycloak-core
(Maven)
Oct 18, 2018
High severity vulnerability that affects org.apache.hive:hive, org.apache.hive:hive-exec, and org.apache.hive:hive-service
High
CVE-2015-7521
was published
for
org.apache.hive:hive
(Maven)
Nov 21, 2018
Improper Authentication in Keycloak
High
CVE-2018-14637
was published
for
org.keycloak:keycloak-core
(Maven)
Dec 21, 2018
Improper Authentication in Apache Karaf
High
CVE-2018-11787
was published
for
org.apache.karaf:apache-karaf
(Maven)
Jan 7, 2019
Improper Authentication in org.apache.hive:hive, org.apache.hive:hive-exec, and org.apache.hive:hive-service
High
CVE-2015-1772
was published
for
org.apache.hive:hive
(Maven)
Mar 14, 2019
Improper Authentication in Apache Zeppelin
High
CVE-2018-1317
was published
for
org.apache.zeppelin:zeppelin
(Maven)
Apr 24, 2019
Insufficiently Protected Credentials and Improper Authentication in Spring Security
High
CVE-2019-11272
was published
for
org.springframework.security:spring-security-cas
(Maven)
Jun 27, 2019
Improper Authentication in Apache Hadoop
High
CVE-2018-11765
was published
for
org.apache.hadoop:hadoop-main
(Maven)
Apr 30, 2021
Authentication bypass in Apache Shiro
High
CVE-2020-13933
was published
for
org.apache.shiro:shiro-core
(Maven)
May 7, 2021
Improper Authentication in Atlassian Connect Spring Boot
High
CVE-2021-26077
was published
for
com.atlassian.connect:atlassian-connect-spring-boot
(Maven)
Jun 16, 2021
Apache ActiveMQ Artemis vulnerable to Improper Access Control
High
CVE-2021-26118
was published
for
org.apache.activemq:artemis-openwire-protocol
(Maven)
Jun 16, 2021
Improper Authentication in Apache ActiveMQ and Apache Artemis
High
CVE-2021-26117
was published
for
org.apache.activemq:activemq-parent
(Maven)
Jun 16, 2021
Improper Authentication in Apereo CAS
High
CVE-2020-27178
was published
for
org.apereo.cas:cas-server-support-otp-mfa-core
(Maven)
Aug 2, 2021
Authentication bypass in Apache Zeppelin
High
CVE-2020-13929
was published
for
org.apache.zeppelin:zeppelin
(Maven)
Sep 7, 2021
User impersonation due to incorrect handling of the login JWT
High
CVE-2021-39177
was published
for
org.geysermc:connector
(Maven)
Sep 7, 2021
ECP SAML binding bypasses authentication flows
High
CVE-2021-3827
was published
for
org.keycloak:keycloak-saml-core
(Maven)
Apr 27, 2022
Improper Authentication in Mortbay Jetty
High
CVE-2007-5614
was published
for
org.mortbay.jetty:jetty
(Maven)
May 1, 2022
Improper Authentication in Spring Security
High
CVE-2014-0097
was published
for
org.springframework.security:spring-security-core
(Maven)
May 13, 2022
Improper Authentication in Pivotal Spring-LDAP
High
CVE-2017-8028
was published
for
org.springframework.ldap:spring-ldap-core
(Maven)
May 13, 2022
Keycloak Oauth Implementation Error
High
CVE-2017-12160
was published
for
org.keycloak:keycloak-parent
(Maven)
May 13, 2022
Missing permission checks in Jenkins Distributed Fork Plugin
High
CVE-2017-2652
was published
for
org.jenkins-ci.plugins:distfork
(Maven)
May 13, 2022
Improper Authentication in Jenkins Blue Ocean Plugin
High
CVE-2017-1000106
was published
for
io.jenkins.blueocean:blueocean
(Maven)
May 13, 2022
Improper Authentication In Apache NiFi
High
CVE-2017-5635
was published
for
org.apache.nifi:nifi
(Maven)
May 13, 2022
Improper Authentication in Apache WSS4J
High
CVE-2014-3612
was published
for
org.apache.activemq:activemq-broker
(Maven)
May 14, 2022
Apache Tomcat Allows Remote Attackers to Spoof AJP Requests
High
CVE-2011-3190
was published
for
org.apache.tomcat:tomcat
(Maven)
May 14, 2022
ProTip!
Advisories are also available from the
GraphQL API