GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,988
Erlang
29
GitHub Actions
16
Go
1,778
Maven
5,000+
npm
3,542
NuGet
619
pip
3,127
Pub
10
RubyGems
838
Rust
791
Swift
34
Unreviewed advisories
All unreviewed
5,000+
127 advisories
Filter by severity
Apache Submarine Commons Utils has a hard-coded secret
Moderate
CVE-2024-36264
was published
for
org.apache.submarine:submarine-commons-utils
(Maven)
Jun 12, 2024
Quarkus: authorization flaw in quarkus resteasy reactive and classic
Moderate
CVE-2023-5675
was published
for
io.quarkus:quarkus-resteasy-reactive-common
(Maven)
Apr 25, 2024
Keycloak vulnerable to impersonation via logout token exchange
Low
CVE-2023-0657
was published
for
org.keycloak:keycloak-services
(Maven)
Apr 17, 2024
Keycloak vulnerable to session hijacking via re-authentication
Moderate
CVE-2023-6787
was published
for
org.keycloak:keycloak-services
(Maven)
Apr 17, 2024
Keycloak secondary factor bypass in step-up authentication
Moderate
CVE-2023-3597
was published
for
org.keycloak:keycloak-services
(Maven)
Apr 17, 2024
Improper Authentication in Spring Authorization Server
Moderate
CVE-2024-22258
was published
for
org.springframework.security:spring-security-oauth2-authorization-server
(Maven)
Mar 20, 2024
Erroneous authentication pass in Spring Security
High
CVE-2024-22257
was published
for
org.springframework.security:spring-security-core
(Maven)
Mar 18, 2024
Apache Ozone Improper Authentication vulnerability
Moderate
CVE-2023-39196
was published
for
org.apache.ozone:ozone-main
(Maven)
Feb 7, 2024
CrateDB authentication bypass vulnerability
High
CVE-2023-51982
was published
for
io.crate:crate
(Maven)
Jan 30, 2024
Apache Pulsar WebSocket Proxy contains an Improper Authentication vulnerability
High
CVE-2023-37544
was published
for
org.apache.pulsar:pulsar-websocket
(Maven)
Dec 20, 2023
Apache ActiveMQ Deserialization of Untrusted Data vulnerability
High
CVE-2022-41678
was published
for
org.apache.activemq:apache-activemq
(Maven)
Nov 28, 2023
SaToken authentication bypass vulnerability
High
CVE-2023-43961
was published
for
cn.dev33:sa-token-core
(Maven)
Oct 25, 2023
WebAuthn4J Spring Security Improper signature counter value handling
Moderate
CVE-2023-45669
was published
for
com.webauthn4j:webauthn4j-spring-security-core
(Maven)
Oct 17, 2023
Jetty's OpenId Revoked authentication allows one request
Low
CVE-2023-41900
was published
for
org.eclipse.jetty:jetty-openid
(Maven)
Sep 15, 2023
OpenAM vulnerable to user impersonation using SAMLv1.x SSO process
Critical
CVE-2023-37471
was published
for
org.openidentityplatform.openam:openam-federation-library
(Maven)
Jul 20, 2023
Keycloak: Impersonation and lockout possible through incorrect handling of email trust
Moderate
CVE-2023-0105
was published
for
org.keycloak:keycloak-core
(Maven)
Jul 18, 2023
Apache Pulsar Broker Improper Authentication vulnerability
Moderate
CVE-2023-31007
was published
for
org.apache.pulsar:pulsar-broker
(Maven)
Jul 12, 2023
Apache Accumulo Improper Authentication vulnerability
Critical
CVE-2023-34340
was published
for
org.apache.accumulo:accumulo-shell
(Maven)
Jun 21, 2023
Vert.x STOMP server process client frames that would not send initially a connect frame
Moderate
CVE-2023-32081
was published
for
io.vertx:vertx-stomp
(Maven)
May 12, 2023
Apache OpenMeetings Improper Authentication vulnerability
High
CVE-2023-29032
was published
for
org.apache.openmeetings:openmeetings-parent
(Maven)
May 12, 2023
Apache DolphinScheduler's python gateway suffered from improper authentication
Moderate
CVE-2023-25601
was published
for
org.apache.dolphinscheduler:dolphinscheduler-api
(Maven)
Apr 20, 2023
Apache IoTDB Grafana Connector vulnerable to Improper Authentication
Critical
CVE-2023-24831
was published
for
org.apache.iotdb:iotdb-grafana-connector
(Maven)
Apr 17, 2023
jeecg-boot vulnerable to improper authentication
Critical
CVE-2023-1784
was published
for
org.jeecgframework.boot:jeecg-boot-parent
(Maven)
Mar 31, 2023
Keycloak vulnerable to user impersonation via stolen UUID code
High
CVE-2023-0264
was published
for
org.keycloak:keycloak-services
(Maven)
Mar 2, 2023
Withdrawn Advisory: Apache IoTDB contains Improper Authentication
High
CVE-2023-24830
was published
for
org.apache.iotdb:iotdb-parent
(Maven)
Jan 30, 2023
•
withdrawn
ProTip!
Advisories are also available from the
GraphQL API