GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,090
Erlang
29
GitHub Actions
19
Go
1,915
Maven
5,000+
npm
3,646
NuGet
638
pip
3,262
Pub
10
RubyGems
870
Rust
821
Swift
35
Unreviewed advisories
All unreviewed
5,000+
86 advisories
Filter by severity
python-kerberos vulnerable to KDC spoofing attacks
Critical
CVE-2015-3206
was published
for
kerberos
(pip)
May 14, 2022
Django Rest Framework jwt allows obtaining new token from notionally invalidated token
Critical
CVE-2020-10594
was published
for
drf-jwt
(pip)
Jun 5, 2020
Improper Authentication in Buildbot
Critical
CVE-2019-12300
was published
for
buildbot
(pip)
May 29, 2019
Apache IoTDB Grafana Connector vulnerable to Improper Authentication
Critical
CVE-2023-24831
was published
for
apache-iotdb
(Maven)
Apr 17, 2023
Authentication bypass in Apache Airflow
Critical
CVE-2020-13927
was published
for
apache-airflow
(pip)
Apr 30, 2021
AsyncSSH SSH Server Authentication Bypass
Critical
CVE-2018-7749
was published
for
AsyncSSH
(pip)
May 14, 2022
LDAP authentication bypass with empty password
Critical
CVE-2020-26214
was published
for
alerta-server
(pip)
Nov 6, 2020
pREST vulnerable to jwt bypass + sql injection
Critical
GHSA-wm25-j4gw-6vr3
was published
for
github.com/prest/prest
(Go)
Jul 30, 2024
VNCAuthProxy authentication bypass vulnerability
Critical
CVE-2022-36436
was published
for
vncauthproxy
(pip)
Sep 16, 2022
Rancher Recreates Default User With Known Password Despite Deletion
Critical
CVE-2019-11202
was published
for
github.com/rancher/rancher
(Go)
May 24, 2022
mellium.im/sasl authentication failure due to insufficient nonce randomness
Critical
CVE-2022-48195
was published
for
mellium.im/sasl
(Go)
Dec 31, 2022
Magento Broken authentication and session managememt
Critical
CVE-2019-8149
was published
for
magento/community-edition
(Composer)
May 24, 2022
OpenStack Octavia Amphora-Agent not requiring Client-Certificate
Critical
CVE-2019-17134
was published
for
octavia
(pip)
May 24, 2022
OpenStack Swauth object/proxy server writing Auth Token to log file
Critical
CVE-2017-16613
was published
for
swauth
(pip)
May 17, 2022
Contao Does Not Expire Tokens Correctly
Critical
CVE-2019-10643
was published
for
contao/contao
(Composer)
May 13, 2022
Symfony Authentication Bypass
Critical
CVE-2018-11407
was published
for
symfony/security
(Composer)
May 14, 2022
GeniXCMS Arbitrary User Password Reset Vulnerability
Critical
CVE-2017-8827
was published
for
genix/cms
(Composer)
May 17, 2022
ThinkAdmin Administrator cookies still working after password change
Critical
CVE-2019-11018
was published
for
zoujingli/thinkadmin
(Composer)
May 13, 2022
Gitea Allows 1FA Even for 2FA-Enrolled Accounts
Critical
CVE-2019-11576
was published
for
code.gitea.io/gitea
(Go)
May 24, 2022
Dolibarr Improper Restriction of Excessive Authentication Attempts
Critical
CVE-2020-7995
was published
for
dolibarr/dolibarr
(Composer)
May 24, 2022
SaltStack Salt Remote command execution and incorrect access control when using salt-api
Critical
CVE-2018-15751
was published
for
salt
(pip)
May 13, 2022
SaltStack Salt Improper Authentication vulnerability
Critical
CVE-2021-25281
was published
for
salt
(pip)
May 24, 2022
Authelia vulnerable to an authentication bypassed with malformed request URI on nginx
Critical
CVE-2021-32637
was published
for
github.com/authelia/authelia/v4
(Go)
Dec 20, 2021
Authorization Bypass in Spring Security
Critical
CVE-2014-3527
was published
for
org.springframework.security:spring-security-core
(Maven)
Sep 15, 2020
Remote Code Execution by uploading a phar file using frontmatter
Critical
CVE-2024-27923
was published
for
getgrav/grav
(Composer)
Mar 6, 2024
ProTip!
Advisories are also available from the
GraphQL API