GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,715
Erlang
34
GitHub Actions
28
Go
2,302
Maven
5,000+
npm
3,946
NuGet
711
pip
3,716
Pub
12
RubyGems
920
Rust
964
Swift
38
Unreviewed advisories
All unreviewed
5,000+
176 advisories
Filter by severity
Rancher does not Properly Validate Account Bindings in SAML Authentication Enables User Impersonation on First Login
High
CVE-2025-23389
was published
for
github.com/rancher/rancher
(Go)
Feb 27, 2025
Jenkins WSO2 Oauth Plugin Fails to Properly Authenticate User Credentials
High
CVE-2025-47889
was published
for
org.jenkins-ci.plugins:wso2id-oauth
(Maven)
May 14, 2025
Liferay Portal and Liferay DXP Fails to Invalidate CAPTCHA Answers After Use
High
CVE-2021-29047
was published
for
com.liferay.portal:release.dxp.bom
(Maven)
May 24, 2022
Passport-wsfed-saml2 allows SAML Authentication Bypass via Attribute Smuggling
High
CVE-2025-46573
was published
for
passport-wsfed-saml2
(npm)
May 6, 2025
CKAN contains Improper Authentication leading to account takeover
High
CVE-2022-43685
was published
for
ckan
(pip)
Nov 22, 2022
Spring Security Does Not Enforce Password Length
High
CVE-2025-22228
was published
for
org.springframework.security:spring-security-crypto
(Maven)
Mar 20, 2025
kyverno verifyImages rule bypass possible with malicious proxy/registry
High
CVE-2022-47633
was published
for
github.com/kyverno/kyverno
(Go)
Dec 21, 2022
OpenStack Identity (Keystone) Trustee token revocations does not work with memcache backend
High
CVE-2014-2237
was published
for
keystone
(pip)
May 17, 2022
phpMyAdmin allows remote attackers to bypass authentication and obtain sensitive information
High
CVE-2010-4481
was published
for
phpmyadmin/phpmyadmin
(Composer)
May 17, 2022
github.com/rancher/steve's users can issue watch commands for arbitrary resources
High
CVE-2024-52280
was published
for
github.com/rancher/steve
(Go)
Nov 20, 2024
Saltstack Salt Unauthenticated Arbitrary Code Execution
High
CVE-2021-25315
was published
for
salt
(pip)
May 24, 2022
Joomla CMS Multi-Factor Authentication Bypass
High
CVE-2025-25227
was published
for
joomla/joomla-cms
(Composer)
Apr 8, 2025
Open WebUI lacks authentication for the `api/v1/utils/pdf` endpoint
High
CVE-2024-8053
was published
for
open-webui
(pip)
Mar 20, 2025
Ratify Azure authentication providers can leak authentication tokens to non-Azure container registries
High
CVE-2025-27403
was published
for
github.com/deislabs/ratify
(Go)
Mar 11, 2025
Improper Authentication in Flask-AppBuilder
High
CVE-2021-41265
was published
for
Flask-AppBuilder
(pip)
Dec 9, 2021
Caddy-SSH vulnerable to Authorization Bypass due to incorrect usage of PAM library
High
GHSA-gmhj-xjfh-cf6m
was published
for
github.com/mohammed90/caddy-ssh
(Go)
Sep 23, 2022
Mautic vulnerable to Improper Access Control in UI upgrade process
High
CVE-2022-25768
was published
for
mautic/core
(Composer)
Sep 18, 2024
Authentication bypass for viewing and deletions of snapshots
High
CVE-2021-39226
was published
for
github.com/grafana/grafana
(Go)
Oct 5, 2021
Account Takeover in Octobercms
High
CVE-2021-32648
was published
for
october/system
(Composer)
Aug 30, 2021
Broken Authentication in Atlassian Connect Express
High
CVE-2021-26073
was published
for
atlassian-connect-express
(npm)
May 24, 2022
PAM module may allow accessing with the credentials of another user
High
CVE-2024-9313
was published
for
github.com/ubuntu/authd
(Go)
Oct 3, 2024
Socialstream has a Potential Account Takeover Vulnerability in Social Account Linking Due to Missing User Consent After OAuth Callback
High
CVE-2024-56329
was published
for
joelbutcher/socialstream
(Composer)
Dec 20, 2024
Apache Ozone: Improper authentication when generating S3 secrets
High
CVE-2024-45106
was published
for
org.apache.ozone:ozone
(Maven)
Dec 3, 2024
ProTip!
Advisories are also available from the
GraphQL API