Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

150 advisories

Loading
Improper Access Control in Onionshare Moderate
CVE-2022-21695 was published for onionshare-cli (pip) Jan 21, 2022
Potential bypass of an upstream access control based on URL paths in Django Moderate
CVE-2021-44420 was published for Django (pip) Dec 9, 2021
Improper Access Control in passport-oauth2 Moderate
CVE-2021-41580 was published for passport-oauth2 (npm) Sep 29, 2021
parse-server new anonymous user session acts as if it's created with password Moderate
CVE-2021-39138 was published for parse-server (npm) Aug 23, 2021
cbaker6
Authentication Bypass by Alternate Name in Apache Tomcat Moderate
CVE-2021-30640 was published for org.apache.tomcat:tomcat (Maven) Aug 13, 2021
Utils.readChallengeTx does not verify the server account signature Moderate
CVE-2021-32738 was published for stellar-sdk (npm) Jul 2, 2021
leighmcculloch
Authentication granted to all firewalls instead of just one Moderate
CVE-2021-32693 was published for symfony/security-http (Composer) Jun 21, 2021
gndk mynameisbogdan
pwarchol Warxcell wouterj adrienlamotte
Improper Authentication in Apache Airflow Moderate
CVE-2021-26697 was published for apache-airflow (pip) Jun 18, 2021
sunSUNQ
Authentication bypass in SilverStripe GraphQL Moderate
CVE-2020-26136 was published for silverstripe/graphql (Composer) Jun 10, 2021
G-Rath
Kiali Authentication Bypass vulnerability Moderate
CVE-2021-20278 was published for github.com/kiali/kiali (Go) Jun 1, 2021
Broken Authentication in Atlassian Connect Spring Boot Moderate
CVE-2021-26074 was published for com.atlassian.connect:atlassian-connect-spring-boot-starter (Maven) May 10, 2021
Server session is not invalidated when logout() helper method of Authentication module is used in Vaadin 18-19 Moderate
GHSA-6hgr-2g6q-3rmc was published for com.vaadin:flow-client (Maven) Apr 22, 2021
tdunlap607
Server session is not invalidated when logout() helper method of Authentication module is used in Vaadin 18-19 Moderate
CVE-2021-31408 was published for com.vaadin:vaadin-bom (Maven) Apr 22, 2021
botframework-connector vulnerable to Improper Authentication Moderate
CVE-2021-1725 was published for botframework-connector (npm) Mar 8, 2021
Lack of URL normalization may lead to authorization bypass when URL access rules are used Moderate
CVE-2020-24660 was published for lemonldap-ng-handler (npm) Sep 9, 2020
Authentication Bypass in saml2-js Moderate
GHSA-mfcp-34xw-p57x was published for saml2-js (npm) Sep 3, 2020
Validation Bypass in paypal-ipn Moderate
CVE-2014-10067 was published for paypal-ipn (npm) Aug 31, 2020
Session key exposure through session list in Django User Sessions Moderate
CVE-2020-5224 was published for django-user-sessions (pip) Jan 24, 2020
Validation bypass is possible in Json Pattern Validator Moderate
CVE-2019-19507 was published for jpv (npm) Dec 4, 2019
Authentication bypass via incorrect XML canonicalization and DOM traversal in saml2-js Moderate
CVE-2017-11429 was published for saml2-js (npm) Jul 5, 2019
Forced Logout in keycloak-connect Moderate
CVE-2019-10157 was published for keycloak-connect (npm) Jun 13, 2019
org.apache.spark:spark-core_2.10 and org.apache.spark:spark-core_2.11 Improper Authentication vulnerability Moderate
CVE-2018-11770 was published for org.apache.spark:spark-core_2.10 (Maven) Nov 9, 2018
Improper Input Validation in org.apache.qpid:qpid-broker Moderate
CVE-2016-3094 was published for org.apache.qpid:qpid-broker (Maven) Oct 16, 2018
Moderate severity vulnerability that affects Products.PlonePAS Moderate
CVE-2009-0662 was published for Products.PlonePAS (pip) Jul 23, 2018
actionpack Improper Authentication vulnerability Moderate
CVE-2012-3424 was published for actionpack (RubyGems) Oct 24, 2017
ShayAry
ProTip! Advisories are also available from the GraphQL API