Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,715
Erlang
34
GitHub Actions
28
Go
2,302
Maven
5,000+
npm
3,946
NuGet
711
pip
3,716
Pub
12
RubyGems
920
Rust
964
Swift
38
Unreviewed advisories
All unreviewed
5,000+

36 advisories

Loading
Rancher generated tokens not revoked after modifications made to authentication provider High
GHSA-c45c-39f6-6gw9 was published for github.com/rancher/rancher (Go) Jan 25, 2023
SFTPGo vulnerable to recovery codes abuse High
CVE-2022-36071 was published for github.com/drakkan/sftpgo/v2 (Go) Sep 16, 2022
Brokercap Bifrost subject to authentication bypass when using HTTP basic authentication High
CVE-2022-39219 was published for github.com/brokercap/Bifrost (Go) Sep 27, 2022
tarihub
Authentication Bypass by Primary Weakness in github.com/kongchuanhujiao/server High
CVE-2021-21403 was published for github.com/kongchuanhujiao/server (Go) Feb 15, 2022
qianjunakasumi
Improper Authentication High
CVE-2019-20894 was published for github.com/traefik/traefik/v2 (Go) Sep 2, 2021
Improper Authentication in HashiCorp Nomad High
CVE-2021-43415 was published for github.com/hashicorp/nomad (Go) Dec 10, 2021
TiDB authentication bypass vulnerability High
CVE-2022-31011 was published for github.com/pingcap/tidb (Go) Jun 6, 2022
Bifrost vulnerable to authentication check flaw that leads to authentication bypass High
CVE-2022-39267 was published for github.com/brokercap/Bifrost (Go) Oct 18, 2022
Improper Authentication in Capsule Proxy High
CVE-2022-23652 was published for github.com/clastix/capsule-proxy (Go) Feb 23, 2022
enj
Unauthenticated control plane denial of service attack in Istio High
CVE-2022-23635 was published for istio.io/istio (Go) Feb 23, 2022
AdamKorcz howardjohn
Token reuse in Ory fosite High
CVE-2020-15222 was published for github.com/ory/fosite (Go) May 24, 2021
go.etcd.io/etcd Authentication Bypass High
CVE-2018-16886 was published for go.etcd.io/etcd (Go) Apr 12, 2022
Authentication bypass by capture-replay in github.com/cosmos/ethermint High
CVE-2021-25834 was published for github.com/cosmos/ethermint (Go) Feb 15, 2022
Traefik Missing Authentication High
CVE-2018-15598 was published for github.com/traefik/traefik (Go) May 13, 2022
Sealos billing system permission control defect High
CVE-2023-36815 was published for github.com/labring/sealos (Go) Jun 30, 2023
DVKunion
Soft Serve Public Key Authentication Bypass Vulnerability when Keyboard-Interactive SSH Authentication is Enabled High
CVE-2023-43809 was published for github.com/charmbracelet/soft-serve (Go) Oct 2, 2023
JJGadgets
Authentication bypass vulnerability in navidrome's subsonic endpoint High
CVE-2023-51442 was published for github.com/navidrome/navidrome (Go) Dec 19, 2023
crazygolem
Account compromise in Evmos High
CVE-2022-24738 was published for github.com/tharsis/evmos (Go) Mar 7, 2022
colin-axner
Improper Authentication in HashiCorp Vault High
CVE-2021-3282 was published for github.com/hashicorp/vault (Go) Jan 31, 2024
Access Restriction Bypass in go-ldap High
CVE-2017-14623 was published for github.com/go-ldap/ldap (Go) Feb 15, 2022
Authorization bypass in github.com/dgrijalva/jwt-go High
CVE-2020-26160 was published for github.com/dgrijalva/jwt-go (Go) May 18, 2021
RobotsAndPencils go-saml authentication bypass vulnerability High
CVE-2023-48703 was published for github.com/RobotsAndPencils/go-saml (Go) Aug 5, 2024
Argo CD Insecure default administrative password High
CVE-2020-8828 was published for github.com/argoproj/argo-cd (Go) Jul 26, 2021
HashiCorp Vault Authentication bypass High
CVE-2020-16251 was published for github.com/hashicorp/vault (Go) Jan 31, 2024
andrewpollock
Rancher does not automatically clean up a user deleted or disabled from the configured Authentication Provider High
CVE-2023-22650 was published for github.com/rancher/rancher (Go) Jun 17, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database