GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

160 advisories

Zope DTML implementation Improper Authentication High
CVE-2000-0062 was published for zope (pip) Apr 30, 2022
ECP SAML binding bypasses authentication flows High
CVE-2021-3827 was published for org.keycloak:keycloak-saml-core (Maven) Apr 27, 2022
Improper Authentication in django-mfa3 High
CVE-2022-24857 was published for django-mfa3 (pip) Apr 22, 2022
stefanw
go.etcd.io/etcd Authentication Bypass High
CVE-2018-16886 was published for go.etcd.io/etcd (Go) Apr 12, 2022
Improper Authentication in FreeTAKServer High
CVE-2022-25508 was published for FreeTAKServer (pip) Mar 12, 2022
Account compromise in Evmos High
CVE-2022-24738 was published for github.com/tharsis/evmos (Go) Mar 7, 2022
colin-axner
Improper Authentication in Capsule Proxy High
CVE-2022-23652 was published for github.com/clastix/capsule-proxy (Go) Feb 23, 2022
enj
Unauthenticated control plane denial of service attack in Istio High
CVE-2022-23635 was published for istio.io/istio (Go) Feb 23, 2022
AdamKorcz howardjohn
Access Restriction Bypass in go-ldap High
CVE-2017-14623 was published for github.com/go-ldap/ldap (Go) Feb 15, 2022
Authentication bypass by capture-replay in github.com/cosmos/ethermint High
CVE-2021-25834 was published for github.com/cosmos/ethermint (Go) Feb 15, 2022
Authentication Bypass by Primary Weakness in github.com/kongchuanhujiao/server High
CVE-2021-21403 was published for github.com/kongchuanhujiao/server (Go) Feb 15, 2022
qianjunakasumi
Improper Authentication in HashiCorp Nomad High
CVE-2021-43415 was published for github.com/hashicorp/nomad (Go) Dec 10, 2021
Improper Authentication in Flask-AppBuilder High
CVE-2021-41265 was published for Flask-AppBuilder (pip) Dec 9, 2021
Deleted Admin Can Sign In to Admin Interface High
CVE-2021-41126 was published for october/october (Composer) Oct 6, 2021
Authentication bypass for viewing and deletions of snapshots High
CVE-2021-39226 was published for github.com/grafana/grafana (Go) Oct 5, 2021
theblackturtle
Pterodactyl Panel vulnerable to authentication bypass due to improper user-provided security token verification High
CVE-2021-41129 was published for pterodactyl/panel (Composer) Oct 4, 2021
User impersonation due to incorrect handling of the login JWT High
CVE-2021-39177 was published for org.geysermc:connector (Maven) Sep 7, 2021
Redned235 Camotoy
clankstar Ry0taK
Authentication bypass in Apache Zeppelin High
CVE-2020-13929 was published for org.apache.zeppelin:zeppelin (Maven) Sep 7, 2021
Improper Authentication High
CVE-2019-20894 was published for github.com/traefik/traefik/v2 (Go) Sep 2, 2021
Dolibarr vulnerable to Improper Authentication and Improper Access Control High
CVE-2021-25956 was published for dolibarr/dolibarr (Composer) Sep 2, 2021
October CMS auth bypass and account takeover High
CVE-2021-29487 was published for october/system (Composer) Aug 30, 2021
Account Takeover in Octobercms High
CVE-2021-32648 was published for october/system (Composer) Aug 30, 2021
Unauthenticated SQL Injection in Cachet High
CVE-2021-39165 was published for cachethq/cachet (Composer) Aug 30, 2021
phith0n
Improper Authentication in Apereo CAS High
CVE-2020-27178 was published for org.apereo.cas:cas-server-support-otp-mfa-core (Maven) Aug 2, 2021
Argo CD Insecure default administrative password High
CVE-2020-8828 was published for github.com/argoproj/argo-cd (Go) Jul 26, 2021