GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,248
Erlang
31
GitHub Actions
21
Go
2,014
Maven
5,000+
npm
3,721
NuGet
662
pip
3,393
Pub
11
RubyGems
890
Rust
852
Swift
36
Unreviewed advisories
All unreviewed
5,000+
162 advisories
Filter by severity
Authentication Bypass in passport-azure-ad
High
CVE-2016-7191
was published
for
passport-azure-ad
(npm)
Jul 26, 2018
Security feature bypass vulnerability exists in ASP.NET when the number of incorrect login attempts is not validated
High
CVE-2018-8171
was published
for
Microsoft.AspNetCore.Identity
(NuGet)
Oct 16, 2018
Improper Authentication in org.keycloak:keycloak-core
High
CVE-2016-8609
was published
for
org.keycloak:keycloak-core
(Maven)
Oct 18, 2018
High severity vulnerability that affects org.apache.hive:hive, org.apache.hive:hive-exec, and org.apache.hive:hive-service
High
CVE-2015-7521
was published
for
org.apache.hive:hive
(Maven)
Nov 21, 2018
Improper Authentication in Keycloak
High
CVE-2018-14637
was published
for
org.keycloak:keycloak-core
(Maven)
Dec 21, 2018
Improper Authentication in Apache Karaf
High
CVE-2018-11787
was published
for
org.apache.karaf:apache-karaf
(Maven)
Jan 7, 2019
Improper Authentication in org.apache.hive:hive, org.apache.hive:hive-exec, and org.apache.hive:hive-service
High
CVE-2015-1772
was published
for
org.apache.hive:hive
(Maven)
Mar 14, 2019
Improper Authentication in Apache Zeppelin
High
CVE-2018-1317
was published
for
org.apache.zeppelin:zeppelin
(Maven)
Apr 24, 2019
Improper Key Verification in ipns
High
GHSA-j59f-6m4q-62h6
was published
for
ipns
(npm)
May 30, 2019
Insufficiently Protected Credentials and Improper Authentication in Spring Security
High
CVE-2019-11272
was published
for
org.springframework.security:spring-security-cas
(Maven)
Jun 27, 2019
Python-saml allows manipulation of SAML data without invalidation of cryptographic signature
High
CVE-2017-11427
was published
for
python-saml
(pip)
Jul 5, 2019
Ruby-SAML Improper Authentication vulnerability
High
CVE-2017-11428
was published
for
ruby-saml
(RubyGems)
Jul 5, 2019
OmniAuth-SAML authentication bypass via incorrect XML canonicalization and DOM traversal
High
CVE-2017-11430
was published
for
omniauth-saml
(RubyGems)
Jul 5, 2019
Improper Authentication in Auth0.AuthenticationApi
High
CVE-2019-16929
was published
for
Auth0.AuthenticationApi
(NuGet)
Oct 24, 2019
JSON-jwt Gem lacked element count during splitting of JWE string
High
CVE-2019-18848
was published
for
json-jwt
(RubyGems)
Nov 14, 2019
Improper authentication in Symfony
High
CVE-2019-10911
was published
for
symfony/security
(Composer)
Feb 12, 2020
Incorrect Account Used for Signing
High
GHSA-vg44-fw64-cpjx
was published
for
@metamask/eth-ledger-bridge-keyring
(npm)
Mar 24, 2020
Authentication and extension bypass in Faye
High
CVE-2020-11020
was published
for
faye
(RubyGems)
Apr 29, 2020
Authentication Bypass in otpauth
High
GHSA-rmmc-8cqj-hfp3
was published
for
otpauth
(npm)
Sep 3, 2020
Ensure that doorkeeper_token is valid when authenticating requests in API v2 calls
High
CVE-2020-15269
was published
for
spree
(RubyGems)
Oct 20, 2020
xml-crypto's HMAC-SHA1 signatures can bypass validation via key confusion
High
GHSA-c27r-x354-4m68
was published
for
xml-crypto
(npm)
Oct 27, 2020
Regression in JWT Signature Validation
High
CVE-2020-15240
was published
for
omniauth-auth0
(RubyGems)
Nov 3, 2020
Disabled users able to log in with third party SSO plugin
High
CVE-2017-1000489
was published
for
mautic/core
(Composer)
Jan 19, 2021
Improper Authentication
High
GHSA-qxx8-292g-2w66
was published
for
Microsoft.Bot.Connector
(NuGet)
Mar 8, 2021
botframework-connector vulnerable to Improper Authentication
High
GHSA-cqff-fx2x-p86v
was published
for
botframework-connector
(pip)
Mar 8, 2021
ProTip!
Advisories are also available from the
GraphQL API