GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

176 advisories

Jenkins WSO2 Oauth Plugin Fails to Properly Authenticate User Credentials High
CVE-2025-47889 was published for org.jenkins-ci.plugins:wso2id-oauth (Maven) May 14, 2025
Passport-wsfed-saml2 allows SAML Authentication Bypass via Attribute Smuggling High
CVE-2025-46573 was published for passport-wsfed-saml2 (npm) May 6, 2025
Joomla CMS Multi-Factor Authentication Bypass High
CVE-2025-25227 was published for joomla/joomla-cms (Composer) Apr 8, 2025
Open WebUI lacks authentication for the `api/v1/utils/pdf` endpoint High
CVE-2024-8053 was published for open-webui (pip) Mar 20, 2025
Spring Security Does Not Enforce Password Length High
CVE-2025-22228 was published for org.springframework.security:spring-security-crypto (Maven) Mar 20, 2025
Ratify Azure authentication providers can leak authentication tokens to non-Azure container registries High
CVE-2025-27403 was published for github.com/deislabs/ratify (Go) Mar 11, 2025
Rancher does not Properly Validate Account Bindings in SAML Authentication Enables User Impersonation on First Login High
CVE-2025-23389 was published for github.com/rancher/rancher (Go) Feb 27, 2025
NiceGUI On Air authentication issue High
CVE-2025-21618 was published for nicegui (pip) Jan 6, 2025
djoser Authentication Bypass High
CVE-2024-21543 was published for djoser (pip) Dec 13, 2024
Apache Ozone: Improper authentication when generating S3 secrets High
CVE-2024-45106 was published for org.apache.ozone:ozone (Maven) Dec 3, 2024
github.com/rancher/steve's users can issue watch commands for arbitrary resources High
CVE-2024-52280 was published for github.com/rancher/steve (Go) Nov 20, 2024
Symfony has an Authentication Bypass via RememberMe High
CVE-2024-51996 was published for symfony/security-http (Composer) Nov 13, 2024
User Registration Bypass in Zitadel High
CVE-2024-49757 was published for github.com/zitadel/zitadel (Go) Oct 25, 2024
Autolab Misconfigured Reset Password Permissions High
CVE-2024-49376 was published for Autolab (RubyGems) Oct 25, 2024
Matrix JavaScript SDK's key history sharing could share keys to malicious devices High
CVE-2024-47080 was published for matrix-js-sdk (npm) Oct 15, 2024
PAM module may allow accessing with the credentials of another user High
CVE-2024-9313 was published for github.com/ubuntu/authd (Go) Oct 3, 2024
Mautic vulnerable to Improper Access Control in UI upgrade process High
CVE-2022-25768 was published for mautic/core (Composer) Sep 18, 2024
Withdrawn Advisory: Lunary Improper Authentication vulnerability High
CVE-2024-6582 was published for lunary (npm) Sep 13, 2024 withdrawn
Flowise Authentication Bypass vulnerability High
CVE-2024-8181 was published for flowise (npm) Aug 27, 2024
RobotsAndPencils go-saml authentication bypass vulnerability High
CVE-2023-48703 was published for github.com/RobotsAndPencils/go-saml (Go) Aug 5, 2024
Skupper uses a static cookie secret for the openshift oauth-proxy High
CVE-2024-6535 was published for github.com/skupperproject/skupper (Go) Jul 17, 2024
Rancher does not automatically clean up a user deleted or disabled from the configured Authentication Provider High
CVE-2023-22650 was published for github.com/rancher/rancher (Go) Jun 17, 2024
ZendOpenID potential security issue in login mechanism High
GHSA-3x57-m5p4-rgh4 was published for zendframework/zendopenid (Composer) Jun 7, 2024
Zendframework potential security issue in login mechanism High
GHSA-9v78-h226-2rmq was published for zendframework/zendframework1 (Composer) Jun 7, 2024