GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,232
Erlang
31
GitHub Actions
20
Go
1,991
Maven
5,000+
npm
3,709
NuGet
661
pip
3,345
Pub
11
RubyGems
884
Rust
846
Swift
36
Unreviewed advisories
All unreviewed
5,000+
150 advisories
Filter by severity
Improper Access Control in Onionshare
Moderate
CVE-2022-21695
was published
for
onionshare-cli
(pip)
Jan 21, 2022
Potential bypass of an upstream access control based on URL paths in Django
Moderate
CVE-2021-44420
was published
for
Django
(pip)
Dec 9, 2021
Improper Access Control in passport-oauth2
Moderate
CVE-2021-41580
was published
for
passport-oauth2
(npm)
Sep 29, 2021
parse-server new anonymous user session acts as if it's created with password
Moderate
CVE-2021-39138
was published
for
parse-server
(npm)
Aug 23, 2021
Authentication Bypass by Alternate Name in Apache Tomcat
Moderate
CVE-2021-30640
was published
for
org.apache.tomcat:tomcat
(Maven)
Aug 13, 2021
Utils.readChallengeTx does not verify the server account signature
Moderate
CVE-2021-32738
was published
for
stellar-sdk
(npm)
Jul 2, 2021
Authentication granted to all firewalls instead of just one
Moderate
CVE-2021-32693
was published
for
symfony/security-http
(Composer)
Jun 21, 2021
Improper Authentication in Apache Airflow
Moderate
CVE-2021-26697
was published
for
apache-airflow
(pip)
Jun 18, 2021
Authentication bypass in SilverStripe GraphQL
Moderate
CVE-2020-26136
was published
for
silverstripe/graphql
(Composer)
Jun 10, 2021
Kiali Authentication Bypass vulnerability
Moderate
CVE-2021-20278
was published
for
github.com/kiali/kiali
(Go)
Jun 1, 2021
Broken Authentication in Atlassian Connect Spring Boot
Moderate
CVE-2021-26074
was published
for
com.atlassian.connect:atlassian-connect-spring-boot-starter
(Maven)
May 10, 2021
Server session is not invalidated when logout() helper method of Authentication module is used in Vaadin 18-19
Moderate
GHSA-6hgr-2g6q-3rmc
was published
for
com.vaadin:flow-client
(Maven)
Apr 22, 2021
Server session is not invalidated when logout() helper method of Authentication module is used in Vaadin 18-19
Moderate
CVE-2021-31408
was published
for
com.vaadin:vaadin-bom
(Maven)
Apr 22, 2021
botframework-connector vulnerable to Improper Authentication
Moderate
CVE-2021-1725
was published
for
botframework-connector
(npm)
Mar 8, 2021
Lack of URL normalization may lead to authorization bypass when URL access rules are used
Moderate
CVE-2020-24660
was published
for
lemonldap-ng-handler
(npm)
Sep 9, 2020
Authentication Bypass in saml2-js
Moderate
GHSA-mfcp-34xw-p57x
was published
for
saml2-js
(npm)
Sep 3, 2020
Validation Bypass in paypal-ipn
Moderate
CVE-2014-10067
was published
for
paypal-ipn
(npm)
Aug 31, 2020
Session key exposure through session list in Django User Sessions
Moderate
CVE-2020-5224
was published
for
django-user-sessions
(pip)
Jan 24, 2020
Validation bypass is possible in Json Pattern Validator
Moderate
CVE-2019-19507
was published
for
jpv
(npm)
Dec 4, 2019
Authentication bypass via incorrect XML canonicalization and DOM traversal in saml2-js
Moderate
CVE-2017-11429
was published
for
saml2-js
(npm)
Jul 5, 2019
Forced Logout in keycloak-connect
Moderate
CVE-2019-10157
was published
for
keycloak-connect
(npm)
Jun 13, 2019
org.apache.spark:spark-core_2.10 and org.apache.spark:spark-core_2.11 Improper Authentication vulnerability
Moderate
CVE-2018-11770
was published
for
org.apache.spark:spark-core_2.10
(Maven)
Nov 9, 2018
Improper Input Validation in org.apache.qpid:qpid-broker
Moderate
CVE-2016-3094
was published
for
org.apache.qpid:qpid-broker
(Maven)
Oct 16, 2018
Moderate severity vulnerability that affects Products.PlonePAS
Moderate
CVE-2009-0662
was published
for
Products.PlonePAS
(pip)
Jul 23, 2018
actionpack Improper Authentication vulnerability
Moderate
CVE-2012-3424
was published
for
actionpack
(RubyGems)
Oct 24, 2017
ProTip!
Advisories are also available from the
GraphQL API