Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,224
Erlang
31
GitHub Actions
19
Go
1,990
Maven
5,000+
npm
3,706
NuGet
661
pip
3,336
Pub
11
RubyGems
884
Rust
845
Swift
36
Unreviewed advisories
All unreviewed
5,000+

1,414 advisories

Loading
Logic error in authentication in proxy.py High
CVE-2021-3116 was published for proxy.py (pip) Apr 7, 2021
Improper Authentication in react-adal High
CVE-2020-7787 was published for react-adal (npm) Apr 13, 2021
Improper Authentication in Apache Hadoop High
CVE-2018-11765 was published for org.apache.hadoop:hadoop-main (Maven) Apr 30, 2021
Authentication bypass in Apache Shiro High
CVE-2020-13933 was published for org.apache.shiro:shiro-core (Maven) May 7, 2021
Authorization bypass in github.com/dgrijalva/jwt-go High
CVE-2020-26160 was published for github.com/dgrijalva/jwt-go (Go) May 18, 2021
Token reuse in Ory fosite High
CVE-2020-15222 was published for github.com/ory/fosite (Go) May 24, 2021
MinIO Admin API security issue High Unreviewed
CVE-2020-11012 was published May 24, 2021
vadmeste aead
Improper Authentication in Atlassian Connect Spring Boot High
CVE-2021-26077 was published for com.atlassian.connect:atlassian-connect-spring-boot (Maven) Jun 16, 2021
Apache ActiveMQ Artemis vulnerable to Improper Access Control High
CVE-2021-26118 was published for org.apache.activemq:artemis-openwire-protocol (Maven) Jun 16, 2021
Improper Authentication in Apache ActiveMQ and Apache Artemis High
CVE-2021-26117 was published for org.apache.activemq:activemq-parent (Maven) Jun 16, 2021
sunSUNQ
Auto-merging Person Records Compromised High
CVE-2021-32691 was published for @apollosproject/data-connector-rock (npm) Jun 21, 2021
Argo CD Insecure default administrative password High
CVE-2020-8828 was published for github.com/argoproj/argo-cd (Go) Jul 26, 2021
Improper Authentication in Apereo CAS High
CVE-2020-27178 was published for org.apereo.cas:cas-server-support-otp-mfa-core (Maven) Aug 2, 2021
Unauthenticated SQL Injection in Cachet High
CVE-2021-39165 was published for cachethq/cachet (Composer) Aug 30, 2021
phith0n
Account Takeover in Octobercms High
CVE-2021-32648 was published for october/system (Composer) Aug 30, 2021
October CMS auth bypass and account takeover High
CVE-2021-29487 was published for october/system (Composer) Aug 30, 2021
Dolibarr vulnerable to Improper Authentication and Improper Access Control High
CVE-2021-25956 was published for dolibarr/dolibarr (Composer) Sep 2, 2021
Improper Authentication High
CVE-2019-20894 was published for github.com/traefik/traefik/v2 (Go) Sep 2, 2021
Authentication bypass in Apache Zeppelin High
CVE-2020-13929 was published for org.apache.zeppelin:zeppelin (Maven) Sep 7, 2021
User impersonation due to incorrect handling of the login JWT High
CVE-2021-39177 was published for org.geysermc:connector (Maven) Sep 7, 2021
Redned235 Camotoy
clankstar Ry0taK
Pterodactyl Panel vulnerable to authentication bypass due to improper user-provided security token verification High
CVE-2021-41129 was published for pterodactyl/panel (Composer) Oct 4, 2021
Authentication bypass for viewing and deletions of snapshots High
CVE-2021-39226 was published for github.com/grafana/grafana (Go) Oct 5, 2021
theblackturtle
Deleted Admin Can Sign In to Admin Interface High
CVE-2021-41126 was published for october/october (Composer) Oct 6, 2021
Improper access control vulnerability in ELECOM LAN routers (WRC-1167GST2 firmware v1.25 and... High Unreviewed
CVE-2021-20861 was published Dec 2, 2021
The GOautodial API prior to commit 3c3a979 made on October 13th, 2021 exposes an API router that... High Unreviewed
CVE-2021-43175 was published Dec 8, 2021
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database