Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,231
Erlang
31
GitHub Actions
20
Go
1,991
Maven
5,000+
npm
3,709
NuGet
661
pip
3,341
Pub
11
RubyGems
884
Rust
846
Swift
36
Unreviewed advisories
All unreviewed
5,000+

3,559 advisories

Loading
User Registration Bypass in Zitadel High
CVE-2024-49757 was published for github.com/zitadel/zitadel (Go) Oct 25, 2024
evilgensec sevensolutions
fforootd stebenz
Trytond allows modification of privileges of arbitrary users High
CVE-2012-0215 was published for trytond (pip) May 4, 2022
cobbler allows anyone to connect to cobbler XML-RPC server with known password and make changes Critical
CVE-2024-47533 was published for cobbler (pip) Nov 18, 2024
opoplawski
Keycloak vulnerable to impersonation via logout token exchange Low
CVE-2023-0657 was published for org.keycloak:keycloak-services (Maven) Apr 17, 2024
Skupper uses a static cookie secret for the openshift oauth-proxy High
CVE-2024-6535 was published for github.com/skupperproject/skupper (Go) Jul 17, 2024
Magento Open Source Improper Authentication vulnerability Critical
CVE-2024-34103 was published for magento/community-edition (Composer) Jun 13, 2024
ZITADEL's Improper Lockout Mechanism Leads to MFA Bypass High
CVE-2024-32868 was published for github.com/zitadel/zitadel (Go) Apr 25, 2024
livio-a Skelmis
itz-d0dgy amit-laish muhlemmer peintnermax
Authentik vulnerable to PKCE downgrade attack High
CVE-2024-23647 was published for goauthentik.io (Go) Jan 29, 2024
pieterphilippaerts
An Innsertion of Sensitive Information into Log File vulnerability in SUSE SUSE Manager Server... High Unreviewed
CVE-2023-22644 was published Sep 20, 2023
Indy's NODE_UPGRADE transaction vulnerable to remote code execution High
CVE-2022-31020 was published for indy-node (pip) Sep 2, 2022
shakreiner
Ansible password prompts could expose passwords High
CVE-2019-14856 was published for ansible (pip) May 24, 2022
Potential bypass of an upstream access control based on URL paths in Django Moderate
CVE-2021-44420 was published for Django (pip) Dec 9, 2021
Autolab Misconfigured Reset Password Permissions High
CVE-2024-49376 was published for Autolab (RubyGems) Oct 25, 2024
HenryHuang2004
Symfony has an Authentication Bypass via RememberMe High
CVE-2024-51996 was published for symfony/security-http (Composer) Nov 13, 2024
jderusse m0xr4
stof
A vulnerability was found in Apereo CAS 6.6. It has been classified as critical. This affects an... Moderate Unreviewed
CVE-2024-11209 was published Nov 14, 2024
Erroneous authentication pass in Spring Security High
CVE-2024-22257 was published for org.springframework.security:spring-security-core (Maven) Mar 18, 2024
Windows Task Scheduler Elevation of Privilege Vulnerability High Unreviewed
CVE-2024-49039 was published Nov 12, 2024
A vulnerability was found in pam_access due to the improper handling of tokens in access.conf,... Moderate Unreviewed
CVE-2024-10963 was published Nov 7, 2024
Symfony's `Security::login` does not take into account custom `user_checker` Low
CVE-2024-50341 was published for symfony/security-bundle (Composer) Nov 6, 2024
94noni xabbuh
gitsign may use incorrect Rekor entries during verification Low
CVE-2024-51746 was published for github.com/sigstore/gitsign (Go) Nov 5, 2024
adityasaky
The Social Share, Social Login and Social Comments Plugin – Super Socializer plugin for WordPress... High Unreviewed
CVE-2024-9946 was published Nov 6, 2024
The Heateor Social Login WordPress plugin for WordPress is vulnerable to authentication bypass in... High Unreviewed
CVE-2024-10020 was published Nov 6, 2024
An authentication bypass vulnerability has been identified in Foreman when deployed with External... Critical Unreviewed
CVE-2024-7012 was published Sep 4, 2024
Waybox Enel X web management API authentication could be bypassed and provide administrator’s... High Unreviewed
CVE-2023-29117 was published Nov 5, 2024
The WooCommerce - Social Login plugin for WordPress is vulnerable to authentication bypass in all... High Unreviewed
CVE-2024-10114 was published Nov 5, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database