Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

16 advisories

Loading
Internal NCryptDecrypt method could be used externally from WindowsHello library. Moderate
CVE-2020-11005 was published for HaemmerElectronics.SeppPenner.WindowsHello (NuGet) Apr 14, 2020
Authentication bypass in SilverStripe GraphQL Moderate
CVE-2020-26136 was published for silverstripe/graphql (Composer) Jun 10, 2021
G-Rath
Access Control Bypass Moderate
CVE-2018-20321 was published for github.com/rancher/rancher (Go) Jun 23, 2021
Authentication Bypass Using an Alternate Path or Channel in Apache Tomcat Critical
CVE-2016-5018 was published for org.apache.tomcat.embed:tomcat-embed-jasper (Maven) May 13, 2022
sunSUNQ westonsteimel
Moodle Authentication Bypass in Question-Bank Moderate
CVE-2012-2356 was published for moodle/moodle (Composer) May 13, 2022
Authentication Bypass Using an Alternate Path or Channel in SpringSource Spring Security and Acegi Security Moderate
CVE-2010-3700 was published for org.acegisecurity:acegi-security (Maven) May 14, 2022
westonsteimel
XWiki Platform Web Templates vulnerable to Unauthorized User Registration Through the Distribution Wizard High
CVE-2022-36093 was published for org.xwiki.platform:xwiki-platform-web (Maven) Sep 16, 2022
Devise Gem for Ruby Unauthorized Access Using "Remember Me" Cookie High
CVE-2015-8314 was published for devise (RubyGems) Jan 26, 2023
kube-apiserver authentication bypass vulnerability High
CVE-2023-1260 was published for github.com/openshift/apiserver-library-go (Go) Sep 24, 2023
Docker Authentication Bypass High
CVE-2018-12608 was published for github.com/docker/docker (Go) Jan 31, 2024
neersighted
svix vulnerable to Authentication Bypass Moderate
CVE-2024-21491 was published for svix (Rust) Feb 13, 2024
Keycloak secondary factor bypass in step-up authentication Moderate
CVE-2023-3597 was published for org.keycloak:keycloak-services (Maven) Apr 17, 2024
sschu jbman
Silverpeas authentication bypass Critical
CVE-2024-36042 was published for org.silverpeas.core:silverpeas-core (Maven) Jun 3, 2024
Firefly III has a MFA bypass in oauth flow Moderate
CVE-2024-37893 was published for grumpydictator/firefly-iii (Composer) Jun 17, 2024
Skelmis
ZDI-CAN-23894: Parse Server literalizeRegexPart SQL Injection Authentication Bypass Vulnerability Critical
CVE-2024-39309 was published for parse-server (npm) Jul 1, 2024
mtrezza
ProTip! Advisories are also available from the GraphQL API