GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,279
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,421
Pub
12
RubyGems
891
Rust
873
Swift
36
Unreviewed advisories
All unreviewed
5,000+
93 advisories
Filter by severity
AsyncHttpClient (AHC) library's `CookieStore` replaces explicitly defined `Cookie`s
Critical
CVE-2024-53990
was published
for
org.asynchttpclient:async-http-client
(Maven)
Dec 2, 2024
CasaOS contains weak JWT secrets
Critical
CVE-2023-37266
was published
for
github.com/IceWhaleTech/CasaOS
(Go)
Jul 17, 2023
cobbler allows anyone to connect to cobbler XML-RPC server with known password and make changes
Critical
CVE-2024-47533
was published
for
cobbler
(pip)
Nov 18, 2024
Magento Open Source Improper Authentication vulnerability
Critical
CVE-2024-34103
was published
for
magento/community-edition
(Composer)
Jun 13, 2024
OpenStack Swauth object/proxy server writing Auth Token to log file
Critical
CVE-2017-16613
was published
for
swauth
(pip)
May 17, 2022
Improper Authentication in requests-kerberos
Critical
CVE-2014-8650
was published
for
requests-kerberos
(pip)
Mar 10, 2020
SaltStack Salt Remote command execution and incorrect access control when using salt-api
Critical
CVE-2018-15751
was published
for
salt
(pip)
May 13, 2022
SaltStack Salt Improper Authentication vulnerability
Critical
CVE-2021-25281
was published
for
salt
(pip)
May 24, 2022
pysaml2 Improper Authentication vulnerability
Critical
CVE-2017-1000433
was published
for
pysaml2
(pip)
Jul 13, 2018
Improper Authentication vulnerability in Apache Solr
Critical
CVE-2024-45216
was published
for
org.apache.solr:solr
(Maven)
Oct 16, 2024
Improper Authentication in Apache Spark
Critical
CVE-2020-9480
was published
for
org.apache.spark:spark-parent_2.11
(Maven)
Feb 10, 2022
Paramiko not properly checking authentication before processing other requests
Critical
CVE-2018-7750
was published
for
paramiko
(pip)
Jul 12, 2018
Apache Accumulo Improper Authentication vulnerability
Critical
CVE-2023-34340
was published
for
org.apache.accumulo:accumulo-shell
(Maven)
Jun 21, 2023
Jenkins OpenId Connect Authentication Plugin lacks issuer claim validation
Critical
CVE-2024-47807
was published
for
org.jenkins-ci.plugins:oic-auth
(Maven)
Oct 2, 2024
Jenkins OpenId Connect Authentication Plugin lacks audience claim validation
Critical
CVE-2024-47806
was published
for
org.jenkins-ci.plugins:oic-auth
(Maven)
Oct 2, 2024
python-kerberos vulnerable to KDC spoofing attacks
Critical
CVE-2015-3206
was published
for
kerberos
(pip)
May 14, 2022
Django Rest Framework jwt allows obtaining new token from notionally invalidated token
Critical
CVE-2020-10594
was published
for
drf-jwt
(pip)
Jun 5, 2020
Improper Authentication in Buildbot
Critical
CVE-2019-12300
was published
for
buildbot
(pip)
May 29, 2019
Apache IoTDB Grafana Connector vulnerable to Improper Authentication
Critical
CVE-2023-24831
was published
for
apache-iotdb
(Maven)
Apr 17, 2023
Authentication bypass in Apache Airflow
Critical
CVE-2020-13927
was published
for
apache-airflow
(pip)
Apr 30, 2021
AsyncSSH SSH Server Authentication Bypass
Critical
CVE-2018-7749
was published
for
AsyncSSH
(pip)
May 14, 2022
LDAP authentication bypass with empty password
Critical
CVE-2020-26214
was published
for
alerta-server
(pip)
Nov 6, 2020
pREST vulnerable to jwt bypass + sql injection
Critical
GHSA-wm25-j4gw-6vr3
was published
for
github.com/prest/prest
(Go)
Jul 30, 2024
VNCAuthProxy authentication bypass vulnerability
Critical
CVE-2022-36436
was published
for
vncauthproxy
(pip)
Sep 16, 2022
Rancher Recreates Default User With Known Password Despite Deletion
Critical
CVE-2019-11202
was published
for
github.com/rancher/rancher
(Go)
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API