GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
93 advisories
AsyncHttpClient (AHC) library's `CookieStore` replaces explicitly defined `Cookie`s
Critical
CVE-2024-53990
was published
for
org.asynchttpclient:async-http-client
(Maven)
Dec 2, 2024
cobbler allows anyone to connect to cobbler XML-RPC server with known password and make changes
Critical
CVE-2024-47533
was published
for
cobbler
(pip)
Nov 18, 2024
pREST vulnerable to jwt bypass + sql injection
Critical
GHSA-wm25-j4gw-6vr3
was published
for
github.com/prest/prest
(Go)
Jul 30, 2024
Remote Code Execution by uploading a phar file using frontmatter
Critical
CVE-2024-27923
was published
for
getgrav/grav
(Composer)
Mar 6, 2024
Flask-AppBuilder vulnerable to incorrect authentication when using auth type OpenID
Critical
CVE-2024-25128
was published
for
Flask-AppBuilder
(pip)
Feb 28, 2024
@clerk/nextjs auth() and getAuth() methods vulnerable to insecure direct object reference (IDOR)
Critical
CVE-2024-22206
was published
for
@clerk/nextjs
(npm)
Jan 12, 2024
Capsule Proxy Authentication bypass using an empty token
Critical
CVE-2023-48312
was published
for
github.com/clastix/capsule-proxy
(Go)
Nov 24, 2023
OpenAM vulnerable to user impersonation using SAMLv1.x SSO process
Critical
CVE-2023-37471
was published
for
org.openidentityplatform.openam:openam-federation-library
(Maven)
Jul 20, 2023
CasaOS contains weak JWT secrets
Critical
CVE-2023-37266
was published
for
github.com/IceWhaleTech/CasaOS
(Go)
Jul 17, 2023
Improper configuration of RBAC permissions obtaining cluster control permissions
Critical
CVE-2023-33190
was published
for
github.com/labring/sealos
(Go)
Jun 30, 2023
Concrete CMS (previously concrete5) is vulnerable to possible auth bypass in the jobs section
Critical
CVE-2023-28473
was published
for
concrete5/concrete5
(Composer)
Apr 28, 2023
golang-nanoauth authentication bypass vulnerability
Critical
CVE-2020-36569
was published
for
github.com/nanobox-io/golang-nanoauth
(Go)
Dec 28, 2022
ProTip!
Advisories are also available from the
GraphQL API