Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

43 advisories

Loading
Erroneous authentication pass in Spring Security High
CVE-2024-22257 was published for org.springframework.security:spring-security-core (Maven) Mar 18, 2024
CrateDB authentication bypass vulnerability High
CVE-2023-51982 was published for crate (Maven) Jan 30, 2024
Tu0Laj1
SaToken authentication bypass vulnerability High
CVE-2023-43961 was published for cn.dev33:sa-token-core (Maven) Oct 25, 2023
Apache ActiveMQ Deserialization of Untrusted Data vulnerability High
CVE-2022-41678 was published for org.apache.activemq:apache-activemq (Maven) Nov 28, 2023
sunSUNQ
Improper Authentication in Jenkins High
CVE-2017-1000354 was published for org.jenkins-ci.main:jenkins-core (Maven) May 14, 2022
Improper Authentication in Pivotal Spring-LDAP High
CVE-2017-8028 was published for org.springframework.ldap:spring-ldap-core (Maven) May 13, 2022
guidobonomi
Improper Authentication in Apache ActiveMQ and Apache Artemis High
CVE-2021-26117 was published for org.apache.activemq:activemq-parent (Maven) Jun 16, 2021
sunSUNQ
Apache Tomcat Allows Remote Attackers to Spoof AJP Requests High
CVE-2011-3190 was published for org.apache.tomcat:tomcat (Maven) May 14, 2022
sunSUNQ
Missing permission checks in Jenkins Distributed Fork Plugin High
CVE-2017-2652 was published for org.jenkins-ci.plugins:distfork (Maven) May 13, 2022
Apache Pulsar WebSocket Proxy contains an Improper Authentication vulnerability High
CVE-2023-37544 was published for org.apache.pulsar:pulsar-websocket (Maven) Dec 20, 2023
Improper Authentication in Apache WSS4J High
CVE-2014-3612 was published for org.apache.activemq:activemq-broker (Maven) May 14, 2022
sunSUNQ
Authentication bypass in Apache Zeppelin High
CVE-2020-13929 was published for org.apache.zeppelin:zeppelin (Maven) Sep 7, 2021
Keycloak vulnerable to user impersonation via stolen UUID code High
CVE-2023-0264 was published for org.keycloak:keycloak-services (Maven) Mar 2, 2023
JorXi
Apache OpenMeetings Improper Authentication vulnerability High
CVE-2023-29032 was published for org.apache.openmeetings:openmeetings-parent (Maven) May 12, 2023
Withdrawn Advisory: Apache IoTDB contains Improper Authentication High
CVE-2023-24830 was published for org.apache.iotdb:iotdb-parent (Maven) Jan 30, 2023 withdrawn
Keycloak Oauth Implementation Error High
CVE-2017-12160 was published for org.keycloak:keycloak-parent (Maven) May 13, 2022
Keycloak Authentication Error High
CVE-2019-14909 was published for org.keycloak:keycloak-parent (Maven) May 24, 2022
Apache ActiveMQ Artemis vulnerable to Improper Access Control High
CVE-2021-26118 was published for org.apache.activemq:artemis-openwire-protocol (Maven) Jun 16, 2021
Use of Hard-coded Credentials in Nacos High
CVE-2021-43116 was published for com.alibaba.nacos:nacos-client (Maven) Jul 6, 2022
Keycloak allows anyone to register new security device or key for any user by using WebAuthn password-less login flow High
CVE-2021-3632 was published for org.keycloak:keycloak-core (Maven) Aug 27, 2022
User impersonation due to incorrect handling of the login JWT High
CVE-2021-39177 was published for org.geysermc:connector (Maven) Sep 7, 2021
Redned235 Camotoy
clankstar Ry0taK
Improper Authentication in Atlassian Connect Spring Boot High
CVE-2021-26077 was published for com.atlassian.connect:atlassian-connect-spring-boot (Maven) Jun 16, 2021
Improper Authentication in Apereo CAS High
CVE-2020-27178 was published for org.apereo.cas:cas-server-support-otp-mfa-core (Maven) Aug 2, 2021
Authentication bypass in Apache Shiro High
CVE-2020-13933 was published for org.apache.shiro:shiro-core (Maven) May 7, 2021
Improper Authentication in Apache Hadoop High
CVE-2018-11765 was published for org.apache.hadoop:hadoop-main (Maven) Apr 30, 2021
ProTip! Advisories are also available from the GraphQL API