GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,946
Erlang
29
GitHub Actions
16
Go
1,734
Maven
4,963
npm
3,493
NuGet
607
pip
3,059
Pub
10
RubyGems
832
Rust
779
Swift
34
Unreviewed advisories
All unreviewed
5,000+
3,399 advisories
Filter by severity
TYPO3 Security Misconfiguration for Backend User Accounts
High
GHSA-rxc9-f2x6-qh4w
was published
for
typo3/cms-core
(Composer)
May 30, 2024
TYPO3 CMS Authentication Bypass vulnerability
High
GHSA-x4rj-f7m6-42c3
was published
for
typo3/cms-core
(Composer)
May 30, 2024
Thelia authentication bypass vulnerability
High
GHSA-g8pg-33v4-9r96
was published
for
thelia/thelia
(Composer)
May 30, 2024
Symfony may allow a user to switch to using another user's identity
Moderate
GHSA-7mx2-7q8p-pgmw
was published
for
symfony/symfony
(Composer)
May 30, 2024
silverstripe/framework ChangePasswordForm does not check `Member::canLogIn()`
Moderate
GHSA-p5h2-vr99-xm99
was published
for
silverstripe/framework
(Composer)
May 27, 2024
jupyter-scheduler's endpoint is missing authentication
Moderate
CVE-2024-28188
was published
for
jupyter-scheduler
(pip)
May 23, 2024
scheb/two-factor-bundle bypass two-factor authentication with remember-me option
High
GHSA-9phw-7h96-q3rv
was published
for
scheb/two-factor-bundle
(Composer)
May 21, 2024
scheb/two-factor-bundle bypass two-factor authentication with unverified JWT trusted device token
High
GHSA-h6mp-mc7g-mg49
was published
for
scheb/two-factor-bundle
(Composer)
May 21, 2024
mellium.im/sasl authentication failure due to insufficient nonce randomness
Critical
CVE-2022-48195
was published
for
mellium.im/sasl
(Go)
Dec 31, 2022
Authorization bypass in github.com/dgrijalva/jwt-go
High
CVE-2020-26160
was published
for
github.com/dgrijalva/jwt-go
(Go)
May 18, 2021
A vulnerability was found in Emlog Pro 2.3.4. It has been classified as problematic. This affects...
Low
Unreviewed
CVE-2024-5044
was published
May 17, 2024
Improper Authentication vulnerability in smp7, wp.Insider Simple Membership.This issue affects...
High
Unreviewed
CVE-2023-41956
was published
May 17, 2024
Mediawiki BotPassword can bypass CentralAuth's account lock
Moderate
CVE-2018-0505
was published
for
mediawiki/core
(Composer)
May 13, 2022
Magento Broken authentication and session managememt
Critical
CVE-2019-8149
was published
for
magento/community-edition
(Composer)
May 24, 2022
Magento Broken authentication and session managememt
Moderate
CVE-2019-8108
was published
for
magento/community-edition
(Composer)
May 24, 2022
Broken Authentication vulnerability discovered in OpenText™ iManager 3.2.6.0200. This...
Low
Unreviewed
CVE-2024-3487
was published
May 15, 2024
Grafana when using email as a username can block other users from signing in
Moderate
CVE-2022-39229
was published
for
github.com/grafana/grafana
(Go)
May 14, 2024
OpenStack Identity (Keystone) improper revoking of the authentication token when deleting a user
Moderate
CVE-2013-2059
was published
for
keystone
(pip)
May 17, 2022
OpenStack Identity (Keystone) DoS through V3 API authentication chaining
High
CVE-2014-2828
was published
for
keystone
(pip)
May 17, 2022
Improper Authentication vulnerability in Snow Software AB Snow License Manager on Windows allows...
High
Unreviewed
CVE-2024-4129
was published
May 14, 2024
YMS VIS Pro is an information system for veterinary and food administration, veterinarians and...
Critical
Unreviewed
CVE-2024-3263
was published
May 14, 2024
OpenStack Keystone allows context-dependent attackers to bypass access restrictions
Moderate
CVE-2013-0282
was published
for
Keystone
(pip)
May 5, 2022
An incorrect authentication vulnerability has been found in Socomec Net Vision affecting version...
Moderate
Unreviewed
CVE-2024-4601
was published
May 7, 2024
UltraLog Express device management interface does not properly perform access authentication in...
Moderate
Unreviewed
CVE-2020-3920
was published
May 24, 2022
A flaw was found in shadow-utils. When asking for a new password, shadow-utils asks the password...
Moderate
Unreviewed
CVE-2023-4641
was published
Dec 27, 2023
ProTip!
Advisories are also available from the
GraphQL API