Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,714
Erlang
34
GitHub Actions
28
Go
2,301
Maven
5,000+
npm
3,942
NuGet
711
pip
3,711
Pub
12
RubyGems
920
Rust
960
Swift
38
Unreviewed advisories
All unreviewed
5,000+

104 advisories

Loading
Brute Force Authentication Tags of CookieStore Sessions in Auth0-PHP SDK Critical
CVE-2025-47275 was published for auth0/auth0-php (Composer) May 16, 2025
Sideni kevinroh-okta
laravel-auth0 SDK Vulnerable to Brute Force Authentication Tags of CookieStore Sessions Critical
GHSA-9fwj-9mjf-rhj3 was published for auth0/login (Composer) May 17, 2025
Sideni
Auth0 Wordpress plugin Vulnerable to Brute Force Authentication Tags of CookieStore Sessions Critical
GHSA-2f4r-34m4-3w8q was published for auth0/wordpress (Composer) May 17, 2025
Sideni
Auth0 Symfony SDK Vulnerable to Brute Force Authentication Tags of CookieStore Sessions Critical
GHSA-9wg9-93h9-j8ch was published for auth0/symfony (Composer) May 17, 2025
Sideni
Passport-wsfed-saml2 allows SAML Authentication Bypass via Signature Wrapping Critical
CVE-2025-46572 was published for passport-wsfed-saml2 (npm) May 6, 2025
YesWiki Vulnerable to Unauthenticated Site Backup Creation and Download Critical
CVE-2025-46348 was published for yeswiki/yeswiki (Composer) Apr 29, 2025
pizza-power
NATS Server may fail to authorize certain Jetstream admin APIs Critical
CVE-2025-30215 was published for github.com/nats-io/nats-server/v2 (Go) Apr 15, 2025
zarqman
Multiple vulnerabilities in extension "Newsletter subscriber management" (fp_newsletter) Critical
CVE-2022-47408 was published for fixpunkt/fp-newsletter (Composer) Dec 14, 2022
ohader tdunlap607
Opendaylight will authenticate any username and password combination Critical
CVE-2015-1778 was published for org.opendaylight.odlparent:opendaylight-karaf-resources (Maven) May 17, 2022
TYPO3 vulnerable to authentication bypass via leveraging knowledge of password hash Critical
CVE-2014-3945 was published for typo3/cms (Composer) May 17, 2022
Sentry's improper authentication on SAML SSO process allows user impersonation Critical
CVE-2025-22146 was published for sentry (pip) Jan 15, 2025
Muhammad-Qasim-Munir
AsyncHttpClient (AHC) library's `CookieStore` replaces explicitly defined `Cookie`s Critical
CVE-2024-53990 was published for org.asynchttpclient:async-http-client (Maven) Dec 2, 2024
pickypg
CasaOS contains weak JWT secrets Critical
CVE-2023-37266 was published for github.com/IceWhaleTech/CasaOS (Go) Jul 17, 2023
thomas-chauchefoin-sonarsource
cobbler allows anyone to connect to cobbler XML-RPC server with known password and make changes Critical
CVE-2024-47533 was published for cobbler (pip) Nov 18, 2024
opoplawski
Magento Open Source Improper Authentication vulnerability Critical
CVE-2024-34103 was published for magento/community-edition (Composer) Jun 13, 2024
OpenStack Swauth object/proxy server writing Auth Token to log file Critical
CVE-2017-16613 was published for swauth (pip) May 17, 2022
Improper Authentication in requests-kerberos Critical
CVE-2014-8650 was published for requests-kerberos (pip) Mar 10, 2020
SaltStack Salt Remote command execution and incorrect access control when using salt-api Critical
CVE-2018-15751 was published for salt (pip) May 13, 2022
SaltStack Salt Improper Authentication vulnerability Critical
CVE-2021-25281 was published for salt (pip) May 24, 2022
pysaml2 Improper Authentication vulnerability Critical
CVE-2017-1000433 was published for pysaml2 (pip) Jul 13, 2018
tdunlap607
Improper Authentication vulnerability in Apache Solr Critical
CVE-2024-45216 was published for org.apache.solr:solr (Maven) Oct 16, 2024
Improper Authentication in Apache Spark Critical
CVE-2020-9480 was published for org.apache.spark:spark-parent_2.11 (Maven) Feb 10, 2022
Paramiko not properly checking authentication before processing other requests Critical
CVE-2018-7750 was published for paramiko (pip) Jul 12, 2018
Apache Accumulo Improper Authentication vulnerability Critical
CVE-2023-34340 was published for org.apache.accumulo:accumulo-shell (Maven) Jun 21, 2023
Jenkins OpenId Connect Authentication Plugin lacks issuer claim validation Critical
CVE-2024-47807 was published for org.jenkins-ci.plugins:oic-auth (Maven) Oct 2, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database