GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,090
Erlang
29
GitHub Actions
19
Go
1,915
Maven
5,000+
npm
3,646
NuGet
638
pip
3,262
Pub
10
RubyGems
870
Rust
821
Swift
35
Unreviewed advisories
All unreviewed
5,000+
156 advisories
Filter by severity
Improper Authentication in Jenkins
Moderate
CVE-2018-1999045
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 14, 2022
Apache OpenMeetings may allow authenticated attacker to deny service for privileged users
Moderate
CVE-2018-1286
was published
for
org.apache.openmeetings:openmeetings-parent
(Maven)
May 13, 2022
Dolibarr allows password changes without supplying the current password
Moderate
CVE-2017-8879
was published
for
dolibarr/dolibarr
(Composer)
May 13, 2022
Improper Authentication in Jenkins Blue Ocean Plugin
Moderate
CVE-2017-1000110
was published
for
io.jenkins.blueocean:blueocean
(Maven)
May 13, 2022
Improper Authentication in Jenkins
Moderate
CVE-2017-2604
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 13, 2022
Infinispan Rest API Does Not Enforce Auth Constraints
Moderate
CVE-2017-2638
was published
for
org.infinispan:infinispan-server-core
(Maven)
May 13, 2022
Mediawiki BotPassword can bypass CentralAuth's account lock
Moderate
CVE-2018-0505
was published
for
mediawiki/core
(Composer)
May 13, 2022
Improper Authentication in Apache Kafka
Moderate
CVE-2017-12610
was published
for
org.apache.kafka:kafka-clients
(Maven)
May 13, 2022
Moodle Users Can Bypass Deleted Status
Moderate
CVE-2012-0797
was published
for
moodle/moodle
(Composer)
May 13, 2022
Moodle Allows Unauthenticated Dropbox Access
Moderate
CVE-2012-5471
was published
for
moodle/moodle
(Composer)
May 13, 2022
Moodle Authentication Bypass in File Upload
Moderate
CVE-2012-3387
was published
for
moodle/moodle
(Composer)
May 13, 2022
Moodle creates a MoodleMobile web-service token with an infinite lifetime
Moderate
CVE-2014-0214
was published
for
moodle/moodle
(Composer)
May 13, 2022
Improper Authentication in Apache CXF
Moderate
CVE-2012-2378
was published
for
org.apache.cxf:cxf
(Maven)
May 13, 2022
Improper Authentication in Apache CXF
Moderate
CVE-2012-5633
was published
for
org.apache.cxf:cxf
(Maven)
May 13, 2022
Improper Authentication in Apache WSS4J
Moderate
CVE-2014-3623
was published
for
org.apache.ws.security:wss4j
(Maven)
May 13, 2022
Improper Authentication in Apache Axis2
Moderate
CVE-2012-5351
was published
for
org.apache.axis2:axis2
(Maven)
May 13, 2022
OpenStack Keystone allows context-dependent attackers to bypass access restrictions
Moderate
CVE-2013-0282
was published
for
Keystone
(pip)
May 5, 2022
Improper Authentication in Apache CXF
Moderate
CVE-2013-0239
was published
for
org.apache.cxf:cxf-rt-frontend-jaxrs
(Maven)
May 5, 2022
Trytond allows modification of privileges of arbitrary users
Moderate
CVE-2012-0215
was published
for
trytond
(pip)
May 4, 2022
Zope DocumentTemplate package allows unauthenticated write
Moderate
CVE-2000-0483
was published
for
zope
(pip)
May 3, 2022
Improper Authentication in Apache Tomcat
Moderate
CVE-2009-2901
was published
for
org.apache.tomcat:tomcat
(Maven)
May 2, 2022
Ignite Realtime Openfire Allows Users to Change Passwords of Arbitrary Accounts
Moderate
CVE-2009-1595
was published
for
org.igniterealtime.openfire:parent
(Maven)
May 2, 2022
Improper Authentication in moodle
Moderate
CVE-2022-0985
was published
for
moodle/moodle
(Composer)
Apr 30, 2022
Keycloak is vulnerable to IDN homograph attack
Moderate
CVE-2021-3424
was published
for
org.keycloak:keycloak-services
(Maven)
Apr 28, 2022
Incorrect Access Control in ImpressCMS
Moderate
CVE-2021-26598
was published
for
impresscms/impresscms
(Composer)
Mar 29, 2022
ProTip!
Advisories are also available from the
GraphQL API