GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,239
Erlang
31
GitHub Actions
21
Go
2,007
Maven
5,000+
npm
3,716
NuGet
662
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
92 advisories
Filter by severity
cobbler allows anyone to connect to cobbler XML-RPC server with known password and make changes
Critical
CVE-2024-47533
was published
for
cobbler
(pip)
Nov 18, 2024
Improper Authentication vulnerability in Apache Solr
Critical
CVE-2024-45216
was published
for
org.apache.solr:solr
(Maven)
Oct 16, 2024
Jenkins OpenId Connect Authentication Plugin lacks audience claim validation
Critical
CVE-2024-47806
was published
for
org.jenkins-ci.plugins:oic-auth
(Maven)
Oct 2, 2024
Jenkins OpenId Connect Authentication Plugin lacks issuer claim validation
Critical
CVE-2024-47807
was published
for
org.jenkins-ci.plugins:oic-auth
(Maven)
Oct 2, 2024
pREST vulnerable to jwt bypass + sql injection
Critical
GHSA-wm25-j4gw-6vr3
was published
for
github.com/prest/prest
(Go)
Jul 30, 2024
Magento Open Source Improper Authentication vulnerability
Critical
CVE-2024-34103
was published
for
magento/community-edition
(Composer)
Jun 13, 2024
Remote Code Execution by uploading a phar file using frontmatter
Critical
CVE-2024-27923
was published
for
getgrav/grav
(Composer)
Mar 6, 2024
Flask-AppBuilder vulnerable to incorrect authentication when using auth type OpenID
Critical
CVE-2024-25128
was published
for
Flask-AppBuilder
(pip)
Feb 28, 2024
@clerk/nextjs auth() and getAuth() methods vulnerable to insecure direct object reference (IDOR)
Critical
CVE-2024-22206
was published
for
@clerk/nextjs
(npm)
Jan 12, 2024
Capsule Proxy Authentication bypass using an empty token
Critical
CVE-2023-48312
was published
for
github.com/clastix/capsule-proxy
(Go)
Nov 24, 2023
OpenAM vulnerable to user impersonation using SAMLv1.x SSO process
Critical
CVE-2023-37471
was published
for
org.openidentityplatform.openam:openam-federation-library
(Maven)
Jul 20, 2023
CasaOS contains weak JWT secrets
Critical
CVE-2023-37266
was published
for
github.com/IceWhaleTech/CasaOS
(Go)
Jul 17, 2023
Improper configuration of RBAC permissions obtaining cluster control permissions
Critical
CVE-2023-33190
was published
for
github.com/labring/sealos
(Go)
Jun 30, 2023
Apache Accumulo Improper Authentication vulnerability
Critical
CVE-2023-34340
was published
for
org.apache.accumulo:accumulo-shell
(Maven)
Jun 21, 2023
Concrete CMS (previously concrete5) is vulnerable to possible auth bypass in the jobs section
Critical
CVE-2023-28473
was published
for
concrete5/concrete5
(Composer)
Apr 28, 2023
Apache IoTDB Grafana Connector vulnerable to Improper Authentication
Critical
CVE-2023-24831
was published
for
apache-iotdb
(Maven)
Apr 17, 2023
Etcd-io Improper Authentication vulnerability
Critical
CVE-2021-28235
was published
for
go.etcd.io/etcd/v3
(Go)
Apr 4, 2023
jeecg-boot vulnerable to improper authentication
Critical
CVE-2023-1784
was published
for
org.jeecgframework.boot:jeecg-boot-parent
(Maven)
Mar 31, 2023
Ansible Semaphore mishandles authentication
Critical
CVE-2023-28609
was published
for
github.com/ansible-semaphore/semaphore
(Go)
Mar 18, 2023
Full authentication bypass if SASL authorization username is specified
Critical
CVE-2023-27582
was published
for
github.com/foxcpp/maddy
(Go)
Mar 14, 2023
phpMyFAQ Improper Authentication vulnerability
Critical
CVE-2023-0311
was published
for
thorsten/phpmyfaq
(Composer)
Jan 16, 2023
mellium.im/sasl authentication failure due to insufficient nonce randomness
Critical
CVE-2022-48195
was published
for
mellium.im/sasl
(Go)
Dec 31, 2022
golang-nanoauth authentication bypass vulnerability
Critical
CVE-2020-36569
was published
for
github.com/nanobox-io/golang-nanoauth
(Go)
Dec 28, 2022
crewjam/saml vulnerable to signature bypass via multiple Assertion elements due to improper authentication
Critical
CVE-2022-41912
was published
for
github.com/crewjam/saml
(Go)
Nov 29, 2022
KubeView vulnerable to full cluster takeover due to improper authentication
Critical
CVE-2022-45933
was published
for
github.com/benc-uk/kubeview
(Go)
Nov 27, 2022
ProTip!
Advisories are also available from the
GraphQL API