GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

160 advisories

EverShop vulnerable to improper authorization in GraphQL endpoints High
CVE-2023-46942 was published for @evershop/evershop (npm) Jan 13, 2024
Omniauth::MicrosoftGraph Account takeover (nOAuth) High
CVE-2024-21632 was published for omniauth-microsoft_graph (RubyGems) Jan 3, 2024
makuga01
Apache Pulsar WebSocket Proxy contains an Improper Authentication vulnerability High
CVE-2023-37544 was published for org.apache.pulsar:pulsar-websocket (Maven) Dec 20, 2023
Authentication bypass vulnerability in navidrome's subsonic endpoint High
CVE-2023-51442 was published for github.com/navidrome/navidrome (Go) Dec 19, 2023
crazygolem
Apache ActiveMQ Deserialization of Untrusted Data vulnerability High
CVE-2022-41678 was published for org.apache.activemq:apache-activemq (Maven) Nov 28, 2023
sunSUNQ
Unauthorized Access to Private Fields in User Registration API High
CVE-2023-39345 was published for @strapi/plugin-users-permissions (npm) Nov 3, 2023
dogusdeniz innerdvations
derrickmehaffy christiancp100
SaToken authentication bypass vulnerability High
CVE-2023-43961 was published for cn.dev33:sa-token-core (Maven) Oct 25, 2023
asyncua Improper Authentication vulnerability High
CVE-2023-26150 was published for asyncua (pip) Oct 3, 2023
Soft Serve Public Key Authentication Bypass Vulnerability when Keyboard-Interactive SSH Authentication is Enabled High
CVE-2023-43809 was published for github.com/charmbracelet/soft-serve (Go) Oct 2, 2023
JJGadgets
Sealos billing system permission control defect High
CVE-2023-36815 was published for github.com/labring/sealos (Go) Jun 30, 2023
DVKunion
Apache OpenMeetings Improper Authentication vulnerability High
CVE-2023-29032 was published for org.apache.openmeetings:openmeetings-parent (Maven) May 12, 2023
Keycloak vulnerable to user impersonation via stolen UUID code High
CVE-2023-0264 was published for org.keycloak:keycloak-services (Maven) Mar 2, 2023
JorXi
Withdrawn Advisory: Apache IoTDB contains Improper Authentication High
CVE-2023-24830 was published for org.apache.iotdb:iotdb-parent (Maven) Jan 30, 2023 withdrawn
Rancher generated tokens not revoked after modifications made to authentication provider High
GHSA-c45c-39f6-6gw9 was published for github.com/rancher/rancher (Go) Jan 25, 2023
rdiffweb vulnerable to Authentication Bypass by Primary Weakness High
CVE-2022-4722 was published for rdiffweb (pip) Dec 27, 2022
CodeIgniter4 Potential Session Handlers Vulnerability High
CVE-2022-46170 was published for codeigniter4/framework (Composer) Dec 22, 2022
srtnlgn
kyverno verifyImages rule bypass possible with malicious proxy/registry High
CVE-2022-47633 was published for github.com/kyverno/kyverno (Go) Dec 21, 2022
slashben
CKAN contains Improper Authentication leading to account takeover High
CVE-2022-43685 was published for ckan (pip) Nov 22, 2022
Bifrost vulnerable to authentication check flaw that leads to authentication bypass High
CVE-2022-39267 was published for github.com/brokercap/Bifrost (Go) Oct 18, 2022
matrix-js-sdk subject to user impersonation due to key/device identifier confusion in SAS verification High
CVE-2022-39250 was published for matrix-js-sdk (npm) Sep 30, 2022
matrix-android-sdk2 vulnerable to Olm/Megolm protocol confusion High
CVE-2022-39248 was published for org.matrix.android:matrix-android-sdk2 (Maven) Sep 30, 2022
matrix-android-sdk2 vulnerable to impersonation via forwarded Megolm sessions High
CVE-2022-39246 was published for org.matrix.android:matrix-android-sdk2 (Maven) Sep 30, 2022
matrix-js-sdk subject to user spoofing via Olm/Megolm protocol confusion High
CVE-2022-39251 was published for matrix-js-sdk (npm) Sep 30, 2022
matrix-js-sdk subject to impersonated messages due to permissive key forwarding High
CVE-2022-39249 was published for matrix-js-sdk (npm) Sep 30, 2022