GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,232
Erlang
31
GitHub Actions
20
Go
1,991
Maven
5,000+
npm
3,709
NuGet
661
pip
3,344
Pub
11
RubyGems
884
Rust
846
Swift
36
Unreviewed advisories
All unreviewed
5,000+
43 advisories
Filter by severity
Erroneous authentication pass in Spring Security
High
CVE-2024-22257
was published
for
org.springframework.security:spring-security-core
(Maven)
Mar 18, 2024
CrateDB authentication bypass vulnerability
High
CVE-2023-51982
was published
for
crate
(Maven)
Jan 30, 2024
SaToken authentication bypass vulnerability
High
CVE-2023-43961
was published
for
cn.dev33:sa-token-core
(Maven)
Oct 25, 2023
Apache ActiveMQ Deserialization of Untrusted Data vulnerability
High
CVE-2022-41678
was published
for
org.apache.activemq:apache-activemq
(Maven)
Nov 28, 2023
Improper Authentication in Jenkins
High
CVE-2017-1000354
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 14, 2022
Improper Authentication in Pivotal Spring-LDAP
High
CVE-2017-8028
was published
for
org.springframework.ldap:spring-ldap-core
(Maven)
May 13, 2022
Improper Authentication in Apache ActiveMQ and Apache Artemis
High
CVE-2021-26117
was published
for
org.apache.activemq:activemq-parent
(Maven)
Jun 16, 2021
Apache Tomcat Allows Remote Attackers to Spoof AJP Requests
High
CVE-2011-3190
was published
for
org.apache.tomcat:tomcat
(Maven)
May 14, 2022
Missing permission checks in Jenkins Distributed Fork Plugin
High
CVE-2017-2652
was published
for
org.jenkins-ci.plugins:distfork
(Maven)
May 13, 2022
Apache Pulsar WebSocket Proxy contains an Improper Authentication vulnerability
High
CVE-2023-37544
was published
for
org.apache.pulsar:pulsar-websocket
(Maven)
Dec 20, 2023
Improper Authentication in Apache WSS4J
High
CVE-2014-3612
was published
for
org.apache.activemq:activemq-broker
(Maven)
May 14, 2022
Authentication bypass in Apache Zeppelin
High
CVE-2020-13929
was published
for
org.apache.zeppelin:zeppelin
(Maven)
Sep 7, 2021
Keycloak vulnerable to user impersonation via stolen UUID code
High
CVE-2023-0264
was published
for
org.keycloak:keycloak-services
(Maven)
Mar 2, 2023
Apache OpenMeetings Improper Authentication vulnerability
High
CVE-2023-29032
was published
for
org.apache.openmeetings:openmeetings-parent
(Maven)
May 12, 2023
Withdrawn Advisory: Apache IoTDB contains Improper Authentication
High
CVE-2023-24830
was published
for
org.apache.iotdb:iotdb-parent
(Maven)
Jan 30, 2023
•
withdrawn
Keycloak Oauth Implementation Error
High
CVE-2017-12160
was published
for
org.keycloak:keycloak-parent
(Maven)
May 13, 2022
Keycloak Authentication Error
High
CVE-2019-14909
was published
for
org.keycloak:keycloak-parent
(Maven)
May 24, 2022
Apache ActiveMQ Artemis vulnerable to Improper Access Control
High
CVE-2021-26118
was published
for
org.apache.activemq:artemis-openwire-protocol
(Maven)
Jun 16, 2021
Use of Hard-coded Credentials in Nacos
High
CVE-2021-43116
was published
for
com.alibaba.nacos:nacos-client
(Maven)
Jul 6, 2022
Keycloak allows anyone to register new security device or key for any user by using WebAuthn password-less login flow
High
CVE-2021-3632
was published
for
org.keycloak:keycloak-core
(Maven)
Aug 27, 2022
User impersonation due to incorrect handling of the login JWT
High
CVE-2021-39177
was published
for
org.geysermc:connector
(Maven)
Sep 7, 2021
Improper Authentication in Atlassian Connect Spring Boot
High
CVE-2021-26077
was published
for
com.atlassian.connect:atlassian-connect-spring-boot
(Maven)
Jun 16, 2021
Improper Authentication in Apereo CAS
High
CVE-2020-27178
was published
for
org.apereo.cas:cas-server-support-otp-mfa-core
(Maven)
Aug 2, 2021
Authentication bypass in Apache Shiro
High
CVE-2020-13933
was published
for
org.apache.shiro:shiro-core
(Maven)
May 7, 2021
Improper Authentication in Apache Hadoop
High
CVE-2018-11765
was published
for
org.apache.hadoop:hadoop-main
(Maven)
Apr 30, 2021
ProTip!
Advisories are also available from the
GraphQL API