GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
93 advisories
rails vulnerable to improper authentication
Critical
CVE-2009-2422 was published for rails (RubyGems) Oct 24, 2017
Paramiko not properly checking authentication before processing other requests
Critical
CVE-2018-7750 was published for paramiko (pip) Jul 12, 2018
pysaml2 Improper Authentication vulnerability
Critical
CVE-2017-1000433 was published for pysaml2 (pip) Jul 13, 2018
smart_proxy_dynflow gem authentication bypass in Foreman remote execution feature
Critical
CVE-2018-14643 was published for smart_proxy_dynflow (RubyGems) Oct 8, 2018
AMQP 0-8, 0-9, 0-91, and 0-10 connection handling in Apache Qpid Java before 6.0.3 might allow remote attackers to bypass authentication
Critical
CVE-2016-4432 was published for org.apache.qpid:qpid-broker-plugins-amqp-0-8-protocol (Maven) Oct 16, 2018
The Admin UI in Apache Ranger before 0.5.1 does not properly handle authentication requests that lack a password
Critical
CVE-2016-0733 was published for org.apache.ranger:ranger (Maven) Oct 17, 2018
Incorrect access control in Neo4j Enterprise Database Server via LDAP authentication
Critical
CVE-2018-18389 was published for org.neo4j:neo4j-enterprise (Maven) Oct 17, 2018
Authentication Bypass in hapi-auth-jwt2
Critical
CVE-2016-10525 was published for hapi-auth-jwt2 (npm) Feb 18, 2019
Authentication Bypass in console-io
Critical
CVE-2016-10532 was published for console-io (npm) Feb 18, 2019
Improper Authentication in Buildbot
Critical
CVE-2019-12300 was published for buildbot (pip) May 29, 2019
Improper Authentication in requests-kerberos
Critical
CVE-2014-8650 was published for requests-kerberos (pip) Mar 10, 2020
Django Rest Framework jwt allows obtaining new token from notionally invalidated token
Critical
CVE-2020-10594 was published for drf-jwt (pip) Jun 5, 2020
API Admin Auth Weakness in tomato
Critical
CVE-2013-7379 was published for tomato (npm) Aug 31, 2020
Authentication Bypass in express-laravel-passport
Critical
GHSA-v66p-w7qx-wv98 was published for express-laravel-passport (npm) Sep 4, 2020
Authorization Bypass in Spring Security
Critical
CVE-2014-3527 was published for org.springframework.security:spring-security-core (Maven) Sep 15, 2020
LDAP authentication bypass with empty password
Critical
CVE-2020-26214 was published for alerta-server (pip) Nov 6, 2020
Authentication bypass in Apache Shiro
Critical
CVE-2020-17510 was published for org.apache.shiro:shiro-spring (Maven) Apr 22, 2021
Authentication bypass in Apache Airflow
Critical
CVE-2020-13927 was published for apache-airflow (pip) Apr 30, 2021
Authentication bypass in MAGMI
Critical
CVE-2020-5777 was published for dweeves/magmi (Composer) May 6, 2021
Improper Authentication in Apache Shiro
Critical
CVE-2020-11989 was published for org.apache.shiro:shiro-core (Maven) May 7, 2021
Improper Authentication in Apache Shiro
Critical
CVE-2020-1957 was published for org.apache.shiro:shiro-core (Maven) May 7, 2021
Improper Authentication in Apache Traffic Control
Critical
CVE-2019-12405 was published for github.com/apache/trafficcontrol (Go) May 18, 2021
Improper Authentication in InfluxDB
Critical
CVE-2019-20933 was published for github.com/influxdata/influxdb (Go) May 18, 2021
Authentication Bypass in tyk-identity-broker
Critical
CVE-2021-23365 was published for github.com/tyktechnologies/tyk-identity-broker (Go) Jun 23, 2021
XML Processing error in github.com/crewjam/saml
Critical
CVE-2020-27846 was published for github.com/crewjam/saml (Go) Jun 23, 2021