Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,715
Erlang
34
GitHub Actions
28
Go
2,302
Maven
5,000+
npm
3,946
NuGet
711
pip
3,716
Pub
12
RubyGems
920
Rust
964
Swift
38
Unreviewed advisories
All unreviewed
5,000+

47 advisories

Loading
Jenkins WSO2 Oauth Plugin Fails to Properly Authenticate User Credentials High
CVE-2025-47889 was published for org.jenkins-ci.plugins:wso2id-oauth (Maven) May 14, 2025
Spring Security Does Not Enforce Password Length High
CVE-2025-22228 was published for org.springframework.security:spring-security-crypto (Maven) Mar 20, 2025
Apache Ozone: Improper authentication when generating S3 secrets High
CVE-2024-45106 was published for org.apache.ozone:ozone (Maven) Dec 3, 2024
Erroneous authentication pass in Spring Security High
CVE-2024-22257 was published for org.springframework.security:spring-security-core (Maven) Mar 18, 2024
CrateDB authentication bypass vulnerability High
CVE-2023-51982 was published for io.crate:crate (Maven) Jan 30, 2024
Tu0Laj1 proddata
Apache Pulsar WebSocket Proxy contains an Improper Authentication vulnerability High
CVE-2023-37544 was published for org.apache.pulsar:pulsar-websocket (Maven) Dec 20, 2023
Apache ActiveMQ Deserialization of Untrusted Data vulnerability High
CVE-2022-41678 was published for org.apache.activemq:apache-activemq (Maven) Nov 28, 2023
sunSUNQ
SaToken authentication bypass vulnerability High
CVE-2023-43961 was published for cn.dev33:sa-token-core (Maven) Oct 25, 2023
Apache OpenMeetings Improper Authentication vulnerability High
CVE-2023-29032 was published for org.apache.openmeetings:openmeetings-parent (Maven) May 12, 2023
Keycloak vulnerable to user impersonation via stolen UUID code High
CVE-2023-0264 was published for org.keycloak:keycloak-services (Maven) Mar 2, 2023
JorXi
Withdrawn Advisory: Apache IoTDB contains Improper Authentication High
CVE-2023-24830 was published for org.apache.iotdb:iotdb-parent (Maven) Jan 30, 2023 withdrawn
matrix-android-sdk2 vulnerable to Olm/Megolm protocol confusion High
CVE-2022-39248 was published for org.matrix.android:matrix-android-sdk2 (Maven) Sep 30, 2022
matrix-android-sdk2 vulnerable to impersonation via forwarded Megolm sessions High
CVE-2022-39246 was published for org.matrix.android:matrix-android-sdk2 (Maven) Sep 30, 2022
XWiki Platform Old Core vulnerable to Authentication Bypass Using the Login Action High
CVE-2022-36092 was published for org.xwiki.platform:xwiki-platform-oldcore (Maven) Sep 16, 2022
XWiki Platform Web Templates vulnerable to Unauthorized User Registration Through the Distribution Wizard High
CVE-2022-36093 was published for org.xwiki.platform:xwiki-platform-web (Maven) Sep 16, 2022
Keycloak allows anyone to register new security device or key for any user by using WebAuthn password-less login flow High
CVE-2021-3632 was published for org.keycloak:keycloak-core (Maven) Aug 27, 2022
Use of Hard-coded Credentials in Nacos High
CVE-2021-43116 was published for com.alibaba.nacos:nacos-client (Maven) Jul 6, 2022
Liferay Portal and Liferay DXP Fails to Invalidate CAPTCHA Answers After Use High
CVE-2021-29047 was published for com.liferay.portal:release.dxp.bom (Maven) May 24, 2022
Keycloak Authentication Error High
CVE-2019-14909 was published for org.keycloak:keycloak-parent (Maven) May 24, 2022
Improper Authentication in Jenkins High
CVE-2017-1000354 was published for org.jenkins-ci.main:jenkins-core (Maven) May 14, 2022
Apache Solr insecure inter-node communication High
CVE-2017-7660 was published for org.apache.solr:solr-core (Maven) May 14, 2022
Apache Solr Kerberos delegation token functionality flaws High
CVE-2017-9803 was published for org.apache.solr:solr-core (Maven) May 14, 2022
Apache Tomcat Allows Remote Attackers to Spoof AJP Requests High
CVE-2011-3190 was published for org.apache.tomcat:tomcat (Maven) May 14, 2022
sunSUNQ
Improper Authentication in Apache WSS4J High
CVE-2014-3612 was published for org.apache.activemq:activemq-broker (Maven) May 14, 2022
sunSUNQ
Improper Authentication In Apache NiFi High
CVE-2017-5635 was published for org.apache.nifi:nifi (Maven) May 13, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database