GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,224
Erlang
31
GitHub Actions
19
Go
1,990
Maven
5,000+
npm
3,706
NuGet
661
pip
3,336
Pub
11
RubyGems
884
Rust
845
Swift
36
Unreviewed advisories
All unreviewed
5,000+
19 advisories
Filter by severity
Authentication Bypass Using an Alternate Path or Channel and Authentication Bypass by Primary Weakness in rucio-webui
High
GHSA-v988-828w-xvf2
was published
for
rucio-webui
(pip)
Oct 22, 2021
Keycloak Gatekeeper vulnerable to bypass on using lower case HTTP headers
High
CVE-2020-14359
was published
for
github.com/keycloak/keycloak-gatekeeper
(Go)
Feb 9, 2022
Authentication Bypass by Primary Weakness in github.com/kongchuanhujiao/server
High
CVE-2021-21403
was published
for
github.com/kongchuanhujiao/server
(Go)
Feb 15, 2022
Keycloak Authentication Error
High
CVE-2019-14909
was published
for
org.keycloak:keycloak-parent
(Maven)
May 24, 2022
A vulnerability has been identified in SIMATIC HMI United Comfort Panels (All versions). Affected...
High
Unreviewed
CVE-2020-15787
was published
May 24, 2022
Cockpit Content Platform vulnerable to 2FA bypass
High
CVE-2022-2818
was published
for
cockpit-hq/cockpit
(Composer)
Aug 16, 2022
rdiffweb vulnerable to Authentication Bypass by Primary Weakness
High
CVE-2022-4722
was published
for
rdiffweb
(pip)
Dec 27, 2022
An authentication bypass vulnerability exists in libcurl <8.0.0 in the FTP connection reuse...
High
Unreviewed
CVE-2023-27535
was published
Mar 30, 2023
Authentication Bypass by Primary Weakness vulnerability in Oliva Expertise Oliva Expertise EKS...
High
Unreviewed
CVE-2023-2959
was published
Jul 17, 2023
Dover Fueling Solutions MAGLINK LX Web Console Configuration versions 2.5.1, 2.5.2, 2.5.3, 2.6.1,...
High
Unreviewed
CVE-2023-36497
was published
Sep 11, 2023
Authentication Bypass by Primary Weakness in GitHub repository mintplex-labs/anything-llm prior...
High
Unreviewed
CVE-2023-4898
was published
Sep 12, 2023
NATS.io: Adding accounts for just the system account adds auth bypass
High
CVE-2023-47090
was published
for
github.com/nats-io/nats-server/v2
(Go)
Oct 19, 2023
Improper privilege management vulnerability in CoolKit Technology eWeLink on Android and iOS...
High
Unreviewed
CVE-2023-6998
was published
Dec 30, 2023
In telephony, there is a possible escalation of privilege due to a permissions bypass. This could...
High
Unreviewed
CVE-2024-20015
was published
Feb 5, 2024
A vulnerability in the web-based management interface of Cisco IP Phone firmware could allow an...
High
Unreviewed
CVE-2024-20378
was published
May 1, 2024
Mantis Bug Tracker (MantisBT) allows user account takeover in the signup/reset password process
High
CVE-2024-34077
was published
for
mantisbt/mantisbt
(Composer)
May 13, 2024
A flaw was found in dogtag-pki and pki-core. The token authentication scheme can be bypassed with...
High
Unreviewed
CVE-2023-4727
was published
Jun 11, 2024
The WooCommerce - Social Login plugin for WordPress is vulnerable to unauthenticated privilege...
High
Unreviewed
CVE-2024-6637
was published
Jul 20, 2024
ProTip!
Advisories are also available from the
GraphQL API