GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,090
Erlang
29
GitHub Actions
19
Go
1,915
Maven
5,000+
npm
3,646
NuGet
638
pip
3,262
Pub
10
RubyGems
870
Rust
821
Swift
35
Unreviewed advisories
All unreviewed
5,000+
86 advisories
Filter by severity
pREST vulnerable to jwt bypass + sql injection
Critical
GHSA-wm25-j4gw-6vr3
was published
for
github.com/prest/prest
(Go)
Jul 30, 2024
Remote Code Execution by uploading a phar file using frontmatter
Critical
CVE-2024-27923
was published
for
getgrav/grav
(Composer)
Mar 6, 2024
Flask-AppBuilder vulnerable to incorrect authentication when using auth type OpenID
Critical
CVE-2024-25128
was published
for
Flask-AppBuilder
(pip)
Feb 28, 2024
@clerk/nextjs auth() and getAuth() methods vulnerable to insecure direct object reference (IDOR)
Critical
CVE-2024-22206
was published
for
@clerk/nextjs
(npm)
Jan 12, 2024
Capsule Proxy Authentication bypass using an empty token
Critical
CVE-2023-48312
was published
for
github.com/clastix/capsule-proxy
(Go)
Nov 24, 2023
OpenAM vulnerable to user impersonation using SAMLv1.x SSO process
Critical
CVE-2023-37471
was published
for
org.openidentityplatform.openam:openam-federation-library
(Maven)
Jul 20, 2023
CasaOS contains weak JWT secrets
Critical
CVE-2023-37266
was published
for
github.com/IceWhaleTech/CasaOS
(Go)
Jul 17, 2023
Improper configuration of RBAC permissions obtaining cluster control permissions
Critical
CVE-2023-33190
was published
for
github.com/labring/sealos
(Go)
Jun 30, 2023
Apache Accumulo Improper Authentication vulnerability
Critical
CVE-2023-34340
was published
for
org.apache.accumulo:accumulo-shell
(Maven)
Jun 21, 2023
Concrete CMS (previously concrete5) is vulnerable to possible auth bypass in the jobs section
Critical
CVE-2023-28473
was published
for
concrete5/concrete5
(Composer)
Apr 28, 2023
Apache IoTDB Grafana Connector vulnerable to Improper Authentication
Critical
CVE-2023-24831
was published
for
apache-iotdb
(Maven)
Apr 17, 2023
Etcd-io Improper Authentication vulnerability
Critical
CVE-2021-28235
was published
for
go.etcd.io/etcd/v3
(Go)
Apr 4, 2023
jeecg-boot vulnerable to improper authentication
Critical
CVE-2023-1784
was published
for
org.jeecgframework.boot:jeecg-boot-parent
(Maven)
Mar 31, 2023
Ansible Semaphore mishandles authentication
Critical
CVE-2023-28609
was published
for
github.com/ansible-semaphore/semaphore
(Go)
Mar 18, 2023
Full authentication bypass if SASL authorization username is specified
Critical
CVE-2023-27582
was published
for
github.com/foxcpp/maddy
(Go)
Mar 14, 2023
phpMyFAQ Improper Authentication vulnerability
Critical
CVE-2023-0311
was published
for
thorsten/phpmyfaq
(Composer)
Jan 16, 2023
mellium.im/sasl authentication failure due to insufficient nonce randomness
Critical
CVE-2022-48195
was published
for
mellium.im/sasl
(Go)
Dec 31, 2022
golang-nanoauth authentication bypass vulnerability
Critical
CVE-2020-36569
was published
for
github.com/nanobox-io/golang-nanoauth
(Go)
Dec 28, 2022
crewjam/saml vulnerable to signature bypass via multiple Assertion elements due to improper authentication
Critical
CVE-2022-41912
was published
for
github.com/crewjam/saml
(Go)
Nov 29, 2022
KubeView vulnerable to full cluster takeover due to improper authentication
Critical
CVE-2022-45933
was published
for
github.com/benc-uk/kubeview
(Go)
Nov 27, 2022
Apache SOAP contains unauthenticated RPCRouterServlet
Critical
CVE-2022-45378
was published
for
soap:soap
(Maven)
Nov 14, 2022
XWiki OIDC Authenticator vulnerable to bypassing OpenID login by providing a custom provider
Critical
CVE-2022-39387
was published
for
org.xwiki.contrib.oidc:oidc-authenticator
(Maven)
Nov 4, 2022
Shinken Solutions Shinken Monitoring vulnerable to Incorrect Access Control
Critical
CVE-2022-37298
was published
for
Shinken
(pip)
Oct 20, 2022
Apache Shiro Authentication Bypass vulnerability
Critical
CVE-2022-40664
was published
for
org.apache.shiro:shiro-core
(Maven)
Oct 12, 2022
Caddy vulnerable to Authentication Bypass due to mishandling of TLS client authentication
Critical
CVE-2018-21246
was published
for
github.com/caddyserver/caddy
(Go)
Oct 6, 2022
ProTip!
Advisories are also available from the
GraphQL API