Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,946
Erlang
29
GitHub Actions
16
Go
1,734
Maven
4,963
npm
3,493
NuGet
607
pip
3,059
Pub
10
RubyGems
832
Rust
779
Swift
34
Unreviewed advisories
All unreviewed
5,000+

3,399 advisories

TYPO3 Security Misconfiguration for Backend User Accounts High
GHSA-rxc9-f2x6-qh4w was published for typo3/cms-core (Composer) May 30, 2024
TYPO3 CMS Authentication Bypass vulnerability High
GHSA-x4rj-f7m6-42c3 was published for typo3/cms-core (Composer) May 30, 2024
Thelia authentication bypass vulnerability High
GHSA-g8pg-33v4-9r96 was published for thelia/thelia (Composer) May 30, 2024
Symfony may allow a user to switch to using another user's identity Moderate
GHSA-7mx2-7q8p-pgmw was published for symfony/symfony (Composer) May 30, 2024
silverstripe/framework ChangePasswordForm does not check `Member::canLogIn()` Moderate
GHSA-p5h2-vr99-xm99 was published for silverstripe/framework (Composer) May 27, 2024
jupyter-scheduler's endpoint is missing authentication Moderate
CVE-2024-28188 was published for jupyter-scheduler (pip) May 23, 2024
krassowski Carreau
andrii-i dlqqq yuvipanda
scheb/two-factor-bundle bypass two-factor authentication with remember-me option High
GHSA-9phw-7h96-q3rv was published for scheb/two-factor-bundle (Composer) May 21, 2024
scheb/two-factor-bundle bypass two-factor authentication with unverified JWT trusted device token High
GHSA-h6mp-mc7g-mg49 was published for scheb/two-factor-bundle (Composer) May 21, 2024
mellium.im/sasl authentication failure due to insufficient nonce randomness Critical
CVE-2022-48195 was published for mellium.im/sasl (Go) Dec 31, 2022
Authorization bypass in github.com/dgrijalva/jwt-go High
CVE-2020-26160 was published for github.com/dgrijalva/jwt-go (Go) May 18, 2021
A vulnerability was found in Emlog Pro 2.3.4. It has been classified as problematic. This affects... Low Unreviewed
CVE-2024-5044 was published May 17, 2024
Improper Authentication vulnerability in smp7, wp.Insider Simple Membership.This issue affects... High Unreviewed
CVE-2023-41956 was published May 17, 2024
Mediawiki BotPassword can bypass CentralAuth's account lock Moderate
CVE-2018-0505 was published for mediawiki/core (Composer) May 13, 2022
Magento Broken authentication and session managememt Critical
CVE-2019-8149 was published for magento/community-edition (Composer) May 24, 2022
Magento Broken authentication and session managememt Moderate
CVE-2019-8108 was published for magento/community-edition (Composer) May 24, 2022
Broken Authentication vulnerability discovered in OpenText™ iManager 3.2.6.0200. This... Low Unreviewed
CVE-2024-3487 was published May 15, 2024
Grafana when using email as a username can block other users from signing in Moderate
CVE-2022-39229 was published for github.com/grafana/grafana (Go) May 14, 2024
OpenStack Identity (Keystone) improper revoking of the authentication token when deleting a user Moderate
CVE-2013-2059 was published for keystone (pip) May 17, 2022
OpenStack Identity (Keystone) DoS through V3 API authentication chaining High
CVE-2014-2828 was published for keystone (pip) May 17, 2022
Improper Authentication vulnerability in Snow Software AB Snow License Manager on Windows allows... High Unreviewed
CVE-2024-4129 was published May 14, 2024
YMS VIS Pro is an information system for veterinary and food administration, veterinarians and... Critical Unreviewed
CVE-2024-3263 was published May 14, 2024
OpenStack Keystone allows context-dependent attackers to bypass access restrictions Moderate
CVE-2013-0282 was published for Keystone (pip) May 5, 2022
An incorrect authentication vulnerability has been found in Socomec Net Vision affecting version... Moderate Unreviewed
CVE-2024-4601 was published May 7, 2024
UltraLog Express device management interface does not properly perform access authentication in... Moderate Unreviewed
CVE-2020-3920 was published May 24, 2022
A flaw was found in shadow-utils. When asking for a new password, shadow-utils asks the password... Moderate Unreviewed
CVE-2023-4641 was published Dec 27, 2023
ProTip! Advisories are also available from the GraphQL API