Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,732
Erlang
35
GitHub Actions
29
Go
2,310
Maven
5,000+
npm
3,949
NuGet
711
pip
3,728
Pub
12
RubyGems
920
Rust
964
Swift
38
Unreviewed advisories
All unreviewed
5,000+

169 advisories

Loading
Improper Authentication in Apache WSS4J Moderate
CVE-2014-3623 was published for org.apache.ws.security:wss4j (Maven) May 13, 2022
coheigea
Improper Authentication in Apache Axis2 Moderate
CVE-2012-5351 was published for org.apache.axis2:axis2 (Maven) May 13, 2022
OpenStack Keystone allows context-dependent attackers to bypass access restrictions Moderate
CVE-2013-0282 was published for Keystone (pip) May 5, 2022
Improper Authentication in Apache CXF Moderate
CVE-2013-0239 was published for org.apache.cxf:cxf-rt-frontend-jaxrs (Maven) May 5, 2022
sunSUNQ
Zope DocumentTemplate package allows unauthenticated write Moderate
CVE-2000-0483 was published for zope (pip) May 3, 2022
TYPO3 Install Tool Subcomponent Allows Access Using Only a Password's MD5 Hash as a Credential Moderate
CVE-2009-3635 was published for typo3/cms (Composer) May 2, 2022
Improper Authentication in Apache Tomcat Moderate
CVE-2009-2901 was published for org.apache.tomcat:tomcat (Maven) May 2, 2022
MarkLee131 sunSUNQ
Ignite Realtime Openfire Allows Users to Change Passwords of Arbitrary Accounts Moderate
CVE-2009-1595 was published for org.igniterealtime.openfire:parent (Maven) May 2, 2022
Improper Authentication in pyftpdlib Moderate
CVE-2007-6737 was published for pyftpdlib (pip) May 1, 2022
Improper Authentication in moodle Moderate
CVE-2022-0985 was published for moodle/moodle (Composer) Apr 30, 2022
Keycloak is vulnerable to IDN homograph attack Moderate
CVE-2021-3424 was published for org.keycloak:keycloak-services (Maven) Apr 28, 2022
Incorrect Access Control in ImpressCMS Moderate
CVE-2021-26598 was published for impresscms/impresscms (Composer) Mar 29, 2022
Sudden swap of user auth tokens in Volto Moderate
CVE-2022-24740 was published for @plone/volto (npm) Mar 14, 2022
Incorrect Authentication in shopware Moderate
CVE-2022-24748 was published for shopware/core (Composer) Mar 10, 2022
"catalog's registry v2 api exposed on unauthenticated path in Harbor" Moderate
CVE-2020-29662 was published for github.com/goharbor/harbor (Go) Feb 12, 2022
Improper Authentication for Keycloak Moderate
CVE-2020-1718 was published for org.keycloak:keycloak-parent (Maven) Feb 9, 2022
Limited ability to spoof SAML authentication with missing audience verification in Fleet Moderate
CVE-2022-23600 was published for github.com/fleetdm/fleet/v4 (Go) Feb 7, 2022
iangcarroll
Improper Authentication in phpmyadmin Moderate
CVE-2022-23807 was published for phpmyadmin/phpmyadmin (Composer) Jan 28, 2022
Improper Access Control in Onionshare Moderate
CVE-2022-21692 was published for onionshare-cli (pip) Jan 21, 2022
Improper Access Control in Onionshare Moderate
CVE-2022-21695 was published for onionshare-cli (pip) Jan 21, 2022
Potential bypass of an upstream access control based on URL paths in Django Moderate
CVE-2021-44420 was published for Django (pip) Dec 9, 2021
Improper Access Control in passport-oauth2 Moderate
CVE-2021-41580 was published for passport-oauth2 (npm) Sep 29, 2021
parse-server new anonymous user session acts as if it's created with password Moderate
CVE-2021-39138 was published for parse-server (npm) Aug 23, 2021
cbaker6
Authentication Bypass by Alternate Name in Apache Tomcat Moderate
CVE-2021-30640 was published for org.apache.tomcat:tomcat (Maven) Aug 13, 2021
Utils.readChallengeTx does not verify the server account signature Moderate
CVE-2021-32738 was published for stellar-sdk (npm) Jul 2, 2021
leighmcculloch
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database