Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

134 advisories

Loading
Improper Authentication vulnerability in Apache Solr Critical
CVE-2024-45216 was published for org.apache.solr:solr (Maven) Oct 16, 2024
Jenkins OpenId Connect Authentication Plugin lacks audience claim validation Critical
CVE-2024-47806 was published for org.jenkins-ci.plugins:oic-auth (Maven) Oct 2, 2024
Jenkins OpenId Connect Authentication Plugin lacks issuer claim validation Critical
CVE-2024-47807 was published for org.jenkins-ci.plugins:oic-auth (Maven) Oct 2, 2024
OpenDaylight Authentication, Authorization and Accounting (AAA) peer impersonation vulnerability Moderate
CVE-2024-46943 was published for org.opendaylight.aaa:aaa-artifacts (Maven) Sep 16, 2024
Eclipse Dataspace Components's ConsumerPullTransferTokenValidationApiController doesn't check for token validit Moderate
CVE-2024-8642 was published for org.eclipse.edc:transfer-data-plane (Maven) Sep 11, 2024
Spring Security Missing Authorization vulnerability Moderate
CVE-2024-38810 was published for org.springframework.security:spring-security-core (Maven) Aug 20, 2024
Alpine allows Authentication Filter bypass Moderate
CVE-2022-23554 was published for us.springett:alpine (Maven) Aug 5, 2024
Apache Submarine Commons Utils has a hard-coded secret Moderate
CVE-2024-36264 was published for apache-submarine (Maven) Jun 12, 2024
Quarkus: authorization flaw in quarkus resteasy reactive and classic Moderate
CVE-2023-5675 was published for io.quarkus:quarkus-resteasy-reactive-common (Maven) Apr 25, 2024
bschuhmann
Keycloak vulnerable to impersonation via logout token exchange Low
CVE-2023-0657 was published for org.keycloak:keycloak-services (Maven) Apr 17, 2024
Keycloak vulnerable to session hijacking via re-authentication Moderate
CVE-2023-6787 was published for org.keycloak:keycloak-services (Maven) Apr 17, 2024
Keycloak secondary factor bypass in step-up authentication Moderate
CVE-2023-3597 was published for org.keycloak:keycloak-services (Maven) Apr 17, 2024
sschu jbman
Improper Authentication in Spring Authorization Server Moderate
CVE-2024-22258 was published for org.springframework.security:spring-security-oauth2-authorization-server (Maven) Mar 20, 2024
Erroneous authentication pass in Spring Security High
CVE-2024-22257 was published for org.springframework.security:spring-security-core (Maven) Mar 18, 2024
Apache Ozone Improper Authentication vulnerability Moderate
CVE-2023-39196 was published for org.apache.ozone:ozone-main (Maven) Feb 7, 2024
CrateDB authentication bypass vulnerability High
CVE-2023-51982 was published for io.crate:crate (Maven) Jan 30, 2024
Tu0Laj1 proddata
Apache Pulsar WebSocket Proxy contains an Improper Authentication vulnerability High
CVE-2023-37544 was published for org.apache.pulsar:pulsar-websocket (Maven) Dec 20, 2023
Apache ActiveMQ Deserialization of Untrusted Data vulnerability High
CVE-2022-41678 was published for org.apache.activemq:apache-activemq (Maven) Nov 28, 2023
sunSUNQ
SaToken authentication bypass vulnerability High
CVE-2023-43961 was published for cn.dev33:sa-token-core (Maven) Oct 25, 2023
WebAuthn4J Spring Security Improper signature counter value handling Moderate
CVE-2023-45669 was published for com.webauthn4j:webauthn4j-spring-security-core (Maven) Oct 17, 2023
mbudnick
Jetty's OpenId Revoked authentication allows one request Low
CVE-2023-41900 was published for org.eclipse.jetty:jetty-openid (Maven) Sep 15, 2023
andrewmcguinness timtebeek
OpenAM vulnerable to user impersonation using SAMLv1.x SSO process Critical
CVE-2023-37471 was published for org.openidentityplatform.openam:openam-federation-library (Maven) Jul 20, 2023
atorralba sylwia-budzynska
Keycloak: Impersonation and lockout possible through incorrect handling of email trust Moderate
CVE-2023-0105 was published for org.keycloak:keycloak-core (Maven) Jul 18, 2023
Apache Pulsar Broker Improper Authentication vulnerability Moderate
CVE-2023-31007 was published for org.apache.pulsar:pulsar-broker (Maven) Jul 12, 2023
Apache Accumulo Improper Authentication vulnerability Critical
CVE-2023-34340 was published for org.apache.accumulo:accumulo-shell (Maven) Jun 21, 2023
ProTip! Advisories are also available from the GraphQL API