GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,983
Erlang
29
GitHub Actions
16
Go
1,769
Maven
4,994
npm
3,540
NuGet
616
pip
3,113
Pub
10
RubyGems
838
Rust
787
Swift
34
Unreviewed advisories
All unreviewed
5,000+
148 advisories
Filter by severity
Withdrawn Advisory: Apache IoTDB contains Improper Authentication
High
CVE-2023-24830
was published
for
org.apache.iotdb:iotdb-parent
(Maven)
Jan 30, 2023
•
withdrawn
Rancher generated tokens not revoked after modifications made to authentication provider
High
GHSA-c45c-39f6-6gw9
was published
for
github.com/rancher/rancher
(Go)
Jan 25, 2023
rdiffweb vulnerable to Authentication Bypass by Primary Weakness
High
CVE-2022-4722
was published
for
rdiffweb
(pip)
Dec 27, 2022
CodeIgniter4 Potential Session Handlers Vulnerability
High
CVE-2022-46170
was published
for
codeigniter4/framework
(Composer)
Dec 22, 2022
kyverno verifyImages rule bypass possible with malicious proxy/registry
High
CVE-2022-47633
was published
for
github.com/kyverno/kyverno
(Go)
Dec 21, 2022
CKAN contains Improper Authentication leading to account takeover
High
CVE-2022-43685
was published
for
ckan
(pip)
Nov 22, 2022
Bifrost vulnerable to authentication check flaw that leads to authentication bypass
High
CVE-2022-39267
was published
for
github.com/brokercap/Bifrost
(Go)
Oct 18, 2022
When matrix-nio receives forwarded room keys, the receiver doesn't check if it requested the key from the forwarder
High
CVE-2022-39254
was published
for
matrix-nio
(pip)
Sep 30, 2022
matrix-js-sdk subject to user impersonation due to key/device identifier confusion in SAS verification
High
CVE-2022-39250
was published
for
matrix-js-sdk
(npm)
Sep 30, 2022
matrix-android-sdk2 vulnerable to Olm/Megolm protocol confusion
High
CVE-2022-39248
was published
for
org.matrix.android:matrix-android-sdk2
(Maven)
Sep 30, 2022
matrix-android-sdk2 vulnerable to impersonation via forwarded Megolm sessions
High
CVE-2022-39246
was published
for
org.matrix.android:matrix-android-sdk2
(Maven)
Sep 30, 2022
matrix-js-sdk subject to user spoofing via Olm/Megolm protocol confusion
High
CVE-2022-39251
was published
for
matrix-js-sdk
(npm)
Sep 30, 2022
matrix-js-sdk subject to impersonated messages due to permissive key forwarding
High
CVE-2022-39249
was published
for
matrix-js-sdk
(npm)
Sep 30, 2022
Brokercap Bifrost subject to authentication bypass when using HTTP basic authentication
High
CVE-2022-39219
was published
for
github.com/brokercap/Bifrost
(Go)
Sep 27, 2022
Caddy-SSH vulnerable to Authorization Bypass due to incorrect usage of PAM library
High
GHSA-gmhj-xjfh-cf6m
was published
for
github.com/mohammed90/caddy-ssh
(Go)
Sep 23, 2022
SFTPGo vulnerable to recovery codes abuse
High
CVE-2022-36071
was published
for
github.com/drakkan/sftpgo/v2
(Go)
Sep 16, 2022
XWiki Platform Old Core vulnerable to Authentication Bypass Using the Login Action
High
CVE-2022-36092
was published
for
org.xwiki.platform:xwiki-platform-oldcore
(Maven)
Sep 16, 2022
XWiki Platform Web Templates vulnerable to Unauthorized User Registration Through the Distribution Wizard
High
CVE-2022-36093
was published
for
org.xwiki.platform:xwiki-platform-web
(Maven)
Sep 16, 2022
Keycloak allows anyone to register new security device or key for any user by using WebAuthn password-less login flow
High
CVE-2021-3632
was published
for
org.keycloak:keycloak-core
(Maven)
Aug 27, 2022
Cockpit Content Platform vulnerable to 2FA bypass
High
CVE-2022-2818
was published
for
cockpit-hq/cockpit
(Composer)
Aug 16, 2022
Raneto Denial of Service via crafted payload injected into `Search` parameter
High
CVE-2022-35142
was published
for
raneto
(npm)
Aug 5, 2022
Use of Hard-coded Credentials in Nacos
High
CVE-2021-43116
was published
for
com.alibaba.nacos:nacos-client
(Maven)
Jul 6, 2022
Authentication bypass vulnerability in Apple Game Center auth adapter
High
CVE-2022-31083
was published
for
parse-server
(npm)
Jun 17, 2022
Incorrect Implementation of Authentication Algorithm in OPCFoundation.NetStandard.Opc.Ua.Core
High
CVE-2022-29865
was published
for
OPCFoundation.NetStandard.Opc.Ua.Core
(NuGet)
Jun 17, 2022
TiDB authentication bypass vulnerability
High
CVE-2022-31011
was published
for
github.com/pingcap/tidb
(Go)
Jun 6, 2022
ProTip!
Advisories are also available from the
GraphQL API