GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,752
Maven
4,982
npm
3,516
NuGet
609
pip
3,089
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+
382 advisories
Filter by severity
Dolibarr Improper Restriction of Excessive Authentication Attempts
Critical
CVE-2020-7995
was published
for
dolibarr/dolibarr
(Composer)
May 24, 2022
phpMyAdmin Improper Authentication
High
CVE-2018-12613
was published
for
phpmyadmin/phpmyadmin
(Composer)
May 13, 2022
Moodle Improper Authentication
High
CVE-2018-1082
was published
for
moodle/moodle
(Composer)
May 13, 2022
Moodle type juggling vulnerability
Moderate
CVE-2021-40693
was published
for
moodle/moodle
(Composer)
Sep 30, 2022
Zend Access Restriction Bypass
Moderate
CVE-2014-8088
was published
for
zendframework/zendframework
(Composer)
May 17, 2022
Keycloak discloses information without authentication
Moderate
CVE-2020-27838
was published
for
org.keycloak:keycloak-core
(Maven)
May 24, 2022
Saltstack Salt Unauthenticated Arbitrary Code Execution
High
CVE-2021-25315
was published
for
salt
(pip)
May 24, 2022
SaltStack Salt Remote command execution and incorrect access control when using salt-api
Critical
CVE-2018-15751
was published
for
salt
(pip)
May 13, 2022
SaltStack Salt Authentication Bypass when using the local_batch client from salt-api
High
CVE-2017-5192
was published
for
salt
(pip)
May 17, 2022
SaltStack Salt Improper Authentication vulnerability
Critical
CVE-2021-25281
was published
for
salt
(pip)
May 24, 2022
Improper Authentication in phpmyadmin
Moderate
CVE-2022-23807
was published
for
phpmyadmin/phpmyadmin
(Composer)
Jan 28, 2022
Access Restriction Bypass in go-ldap
High
CVE-2017-14623
was published
for
github.com/go-ldap/ldap
(Go)
Feb 15, 2022
Authelia vulnerable to an authentication bypassed with malformed request URI on nginx
Critical
CVE-2021-32637
was published
for
github.com/authelia/authelia/v4
(Go)
Dec 20, 2021
Improper Authentication in Jenkins
High
CVE-2017-1000354
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 14, 2022
Erroneous authentication pass in Spring Security
High
CVE-2024-22257
was published
for
org.springframework.security:spring-security-core
(Maven)
Mar 18, 2024
Keycloak vulnerable to impersonation via logout token exchange
Low
CVE-2023-0657
was published
for
org.keycloak:keycloak-services
(Maven)
Apr 17, 2024
Improper Authentication in Hibernate Validator
Moderate
CVE-2014-3558
was published
for
org.hibernate:hibernate-validator
(Maven)
May 14, 2022
Authorization Bypass in Spring Security
Critical
CVE-2014-3527
was published
for
org.springframework.security:spring-security-core
(Maven)
Sep 15, 2020
Improper Authentication in Pivotal Spring-LDAP
High
CVE-2017-8028
was published
for
org.springframework.ldap:spring-ldap-core
(Maven)
May 13, 2022
Zope Object Database (ZODB) Authentication bypass in ZEO storage servers
High
CVE-2009-0669
was published
for
ZODB3
(pip)
May 2, 2022
Improper Authentication in Apache ActiveMQ
Moderate
CVE-2013-3060
was published
for
org.apache.activemq:activemq-client
(Maven)
May 17, 2022
Improper Authentication in Apache Airflow
Moderate
CVE-2021-26697
was published
for
apache-airflow
(pip)
Jun 18, 2021
Improper Authentication in Spring Authorization Server
Moderate
CVE-2024-22258
was published
for
org.springframework.security:spring-security-oauth2-authorization-server
(Maven)
Mar 20, 2024
Improper Authentication in Apache ActiveMQ and Apache Artemis
High
CVE-2021-26117
was published
for
org.apache.activemq:activemq-parent
(Maven)
Jun 16, 2021
Authentication bypass in Apache Airflow
Critical
CVE-2020-13927
was published
for
apache-airflow
(pip)
Apr 30, 2021
ProTip!
Advisories are also available from the
GraphQL API