GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
27 advisories
AsyncHttpClient (AHC) library's `CookieStore` replaces explicitly defined `Cookie`s
Critical severity. CVE-2024-53990 was published for org.asynchttpclient:async-http-client (Maven) on Dec 2, 2024.
Improper Authentication vulnerability in Apache Solr
Critical severity. CVE-2024-45216 was published for org.apache.solr:solr (Maven) on Oct 16, 2024.
Improper Authentication in Apache Spark
Critical severity. CVE-2020-9480 was published for org.apache.spark:spark-parent_2.11 (Maven) on Feb 10, 2022.
Apache Accumulo Improper Authentication vulnerability
Critical severity. CVE-2023-34340 was published for org.apache.accumulo:accumulo-shell (Maven) on Jun 21, 2023.
Jenkins OpenId Connect Authentication Plugin lacks issuer claim validation
Critical severity. CVE-2024-47807 was published for org.jenkins-ci.plugins:oic-auth (Maven) on Oct 2, 2024.
Jenkins OpenId Connect Authentication Plugin lacks audience claim validation
Critical severity. CVE-2024-47806 was published for org.jenkins-ci.plugins:oic-auth (Maven) on Oct 2, 2024.
Apache IoTDB Grafana Connector vulnerable to Improper Authentication
Critical severity. CVE-2023-24831 was published for apache-iotdb (Maven) on Apr 17, 2023.
Authorization Bypass in Spring Security
Critical severity. CVE-2014-3527 was published for org.springframework.security:spring-security-core (Maven) on Sep 15, 2020.
Improper Authentication (empty password) in Jenkins Active Directory Plugin
Critical severity. CVE-2020-2300 was published for org.jenkins-ci.plugins:active-directory (Maven) on May 24, 2022.
Authentication cache in Active Directory Jenkins Plugin allows logging in with any password
Critical severity. CVE-2020-2301 was published for org.jenkins-ci.plugins:active-directory (Maven) on May 24, 2022.
Improper Authentication in Jenkins Active Directory Plugin
Critical severity. CVE-2020-2299 was published for org.jenkins-ci.plugins:active-directory (Maven) on May 24, 2022.
OpenAM vulnerable to user impersonation using SAMLv1.x SSO process
Critical severity. CVE-2023-37471 was published for org.openidentityplatform.openam:openam-federation-library (Maven) on Jul 20, 2023.
Improper Authentication in Apache ShenYu Admin
Critical severity. CVE-2021-37580 was published for org.apache.shenyu:shenyu-admin (Maven) on Nov 17, 2021.
Apache SOAP contains unauthenticated RPCRouterServlet
Critical severity. CVE-2022-45378 was published for soap:soap (Maven) on Nov 14, 2022.
jeecg-boot vulnerable to improper authentication
Critical severity. CVE-2023-1784 was published for org.jeecgframework.boot:jeecg-boot-parent (Maven) on Mar 31, 2023.
Incorrect access control in Neo4j Enterprise Database Server via LDAP authentication
Critical severity. CVE-2018-18389 was published for org.neo4j:neo4j-enterprise (Maven) on Oct 17, 2018.
Improper Authentication in Apache CXF
Critical severity. CVE-2012-0803 was published for org.apache.cxf:cxf (Maven) on May 13, 2022.
Remote code execution in net.mingsoft:ms-mcms
Critical severity. CVE-2021-46384 was published for net.mingsoft:ms-mcms (Maven) on Mar 5, 2022.
AMQP 0-8, 0-9, 0-91, and 0-10 connection handling in Apache Qpid Java before 6.0.3 might allow remote attackers to bypass authentication
Critical severity. CVE-2016-4432 was published for org.apache.qpid:qpid-broker-plugins-amqp-0-8-protocol (Maven) on Oct 16, 2018.
Authentication bypass in Apache Shiro
Critical severity. CVE-2020-17510 was published for org.apache.shiro:shiro-spring (Maven) on Apr 22, 2021.
Improper Authentication in Apache Shiro
Critical severity. CVE-2020-11989 was published for org.apache.shiro:shiro-core (Maven) on May 7, 2021.
Improper Authentication in Apache Shiro
Critical severity. CVE-2020-1957 was published for org.apache.shiro:shiro-core (Maven) on May 7, 2021.
Authentication bypass in Apache Shiro
Critical severity. CVE-2020-17523 was published for org.apache.shiro:shiro-spring (Maven) on Feb 9, 2022.
XWiki OIDC Authenticator vulnerable to bypassing OpenID login by providing a custom provider
Critical severity. CVE-2022-39387 was published for org.xwiki.contrib.oidc:oidc-authenticator (Maven) on Nov 4, 2022.
Apache Shiro Authentication Bypass vulnerability
Critical severity. CVE-2022-40664 was published for org.apache.shiro:shiro-core (Maven) on Oct 12, 2022.