GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,224
Erlang
31
GitHub Actions
19
Go
1,990
Maven
5,000+
npm
3,706
NuGet
661
pip
3,336
Pub
11
RubyGems
884
Rust
845
Swift
36
Unreviewed advisories
All unreviewed
5,000+
156 advisories
Filter by severity
Caddy-SSH vulnerable to Authorization Bypass due to incorrect usage of PAM library
High
GHSA-gmhj-xjfh-cf6m
was published
for
github.com/mohammed90/caddy-ssh
(Go)
Sep 23, 2022
Incorrect Account Used for Signing
High
GHSA-vg44-fw64-cpjx
was published
for
@metamask/eth-ledger-bridge-keyring
(npm)
Mar 24, 2020
Authentication Bypass in passport-azure-ad
High
CVE-2016-7191
was published
for
passport-azure-ad
(npm)
Jul 26, 2018
High severity vulnerability that affects org.apache.hive:hive, org.apache.hive:hive-exec, and org.apache.hive:hive-service
High
CVE-2015-7521
was published
for
org.apache.hive:hive
(Maven)
Nov 21, 2018
Improper Authentication in Keycloak
High
CVE-2018-14637
was published
for
org.keycloak:keycloak-core
(Maven)
Dec 21, 2018
Improper Authentication in Apache Karaf
High
CVE-2018-11787
was published
for
org.apache.karaf:apache-karaf
(Maven)
Jan 7, 2019
Improper Authentication
High
GHSA-qxx8-292g-2w66
was published
for
Microsoft.Bot.Connector
(NuGet)
Mar 8, 2021
Authentication Bypass in otpauth
High
GHSA-rmmc-8cqj-hfp3
was published
for
otpauth
(npm)
Sep 3, 2020
Improper Authentication in org.keycloak:keycloak-core
High
CVE-2016-8609
was published
for
org.keycloak:keycloak-core
(Maven)
Oct 18, 2018
Improper Authentication in org.apache.hive:hive, org.apache.hive:hive-exec, and org.apache.hive:hive-service
High
CVE-2015-1772
was published
for
org.apache.hive:hive
(Maven)
Mar 14, 2019
xml-crypto's HMAC-SHA1 signatures can bypass validation via key confusion
High
GHSA-c27r-x354-4m68
was published
for
xml-crypto
(npm)
Oct 27, 2020
Ruby-SAML Improper Authentication vulnerability
High
CVE-2017-11428
was published
for
ruby-saml
(RubyGems)
Jul 5, 2019
Rancher generated tokens not revoked after modifications made to authentication provider
High
GHSA-c45c-39f6-6gw9
was published
for
github.com/rancher/rancher
(Go)
Jan 25, 2023
omniauth-facebook Improper Authentication vulnerability
High
CVE-2013-4593
was published
for
omniauth-facebook
(RubyGems)
May 5, 2022
Pterodactyl Panel vulnerable to authentication bypass due to improper user-provided security token verification
High
CVE-2021-41129
was published
for
pterodactyl/panel
(Composer)
Oct 4, 2021
Account Takeover in Octobercms
High
CVE-2021-32648
was published
for
october/system
(Composer)
Aug 30, 2021
Deleted Admin Can Sign In to Admin Interface
High
CVE-2021-41126
was published
for
october/october
(Composer)
Oct 6, 2021
ECP SAML binding bypasses authentication flows
High
CVE-2021-3827
was published
for
org.keycloak:keycloak-saml-core
(Maven)
Apr 27, 2022
Improper Authentication in Mortbay Jetty
High
CVE-2007-5614
was published
for
org.mortbay.jetty:jetty
(Maven)
May 1, 2022
Improper Authentication in Spring Security
High
CVE-2014-0097
was published
for
org.springframework.security:spring-security-core
(Maven)
May 13, 2022
XWiki Platform Old Core vulnerable to Authentication Bypass Using the Login Action
High
CVE-2022-36092
was published
for
org.xwiki.platform:xwiki-platform-oldcore
(Maven)
Sep 16, 2022
XWiki Platform Web Templates vulnerable to Unauthorized User Registration Through the Distribution Wizard
High
CVE-2022-36093
was published
for
org.xwiki.platform:xwiki-platform-web
(Maven)
Sep 16, 2022
SFTPGo vulnerable to recovery codes abuse
High
CVE-2022-36071
was published
for
github.com/drakkan/sftpgo/v2
(Go)
Sep 16, 2022
Authentication bypass vulnerability in Apple Game Center auth adapter
High
CVE-2022-31083
was published
for
parse-server
(npm)
Jun 17, 2022
Insufficiently Protected Credentials and Improper Authentication in Spring Security
High
CVE-2019-11272
was published
for
org.springframework.security:spring-security-cas
(Maven)
Jun 27, 2019
ProTip!
Advisories are also available from the
GraphQL API