Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,988
Erlang
29
GitHub Actions
16
Go
1,776
Maven
5,000+
npm
3,542
NuGet
617
pip
3,125
Pub
10
RubyGems
838
Rust
790
Swift
34
Unreviewed advisories
All unreviewed
5,000+

386 advisories

Loading
Improper Authentication in Apache Airflow Moderate
CVE-2021-26697 was published for apache-airflow (pip) Jun 18, 2021
sunSUNQ
Improper Authentication in Spring Authorization Server Moderate
CVE-2024-22258 was published for org.springframework.security:spring-security-oauth2-authorization-server (Maven) Mar 20, 2024
Improper Authentication in Apache ActiveMQ and Apache Artemis High
CVE-2021-26117 was published for org.apache.activemq:activemq-parent (Maven) Jun 16, 2021
sunSUNQ
Authentication bypass in Apache Airflow Critical
CVE-2020-13927 was published for apache-airflow (pip) Apr 30, 2021
sunSUNQ
Remote Code Execution by uploading a phar file using frontmatter Critical
CVE-2024-27923 was published for getgrav/grav (Composer) Mar 6, 2024
Universe1122
Jenkins does not invalidate the API token when a user is deleted Moderate
CVE-2014-2062 was published for org.jenkins-ci.main:jenkins-core (Maven) May 17, 2022
sunSUNQ
Jenkins session fixation vulnerability Moderate
CVE-2014-2066 was published for org.jenkins-ci.main:jenkins-core (Maven) May 17, 2022
sunSUNQ
Flask-AppBuilder vulnerable to incorrect authentication when using auth type OpenID Critical
CVE-2024-25128 was published for Flask-AppBuilder (pip) Feb 28, 2024
parantheses dpgaspar
Logic error in authentication in proxy.py High
CVE-2021-3116 was published for proxy.py (pip) Apr 7, 2021
furlongm openvpn-monitor allows Authorization Bypass to disconnect arbitrary clients High
CVE-2021-31606 was published for openvpn-monitor (pip) May 24, 2022
python-kerberos vulnerable to KDC spoofing attacks High
CVE-2015-3206 was published for kerberos (pip) May 14, 2022
Improper Authentication in Apache Tomcat Moderate
CVE-2011-5063 was published for org.apache.tomcat:tomcat (Maven) May 14, 2022
sunSUNQ
Improper Authentication in Apache Tomcat Moderate
CVE-2011-5062 was published for org.apache.tomcat:tomcat (Maven) May 14, 2022
sunSUNQ
Apache Tomcat Allows Remote Attackers to Spoof AJP Requests High
CVE-2011-3190 was published for org.apache.tomcat:tomcat (Maven) May 14, 2022
sunSUNQ
Improper Authentication in Apache Tomcat Moderate
CVE-2009-2901 was published for org.apache.tomcat:tomcat (Maven) May 2, 2022
MarkLee131 sunSUNQ
OctoPrint Unverified Password Change via Access Control Settings Moderate
CVE-2024-23637 was published for OctoPrint (pip) Jan 31, 2024
tkruppert
TYPO3 Authentication Bypass via Salted user password hashes extension High
CVE-2010-1022 was published for typo3/cms-saltedpasswords (Composer) May 2, 2022 withdrawn
VNCAuthProxy authentication bypass vulnerability Critical
CVE-2022-36436 was published for vncauthproxy (pip) Sep 16, 2022
rails vulnerable to improper authentication Critical
CVE-2009-2422 was published for rails (RubyGems) Oct 24, 2017
Symfony Authentication Bypass Critical
CVE-2016-2403 was published for symfony/security (Composer) May 14, 2022
Apache Ozone Improper Authentication vulnerability Moderate
CVE-2023-39196 was published for org.apache.ozone:ozone-main (Maven) Feb 7, 2024
Authentication bypass in SilverStripe GraphQL Moderate
CVE-2020-26136 was published for silverstripe/graphql (Composer) Jun 10, 2021
G-Rath
CrateDB authentication bypass vulnerability High
CVE-2023-51982 was published for io.crate:crate (Maven) Jan 30, 2024
Tu0Laj1
Symfony Allows URI Restrictions Bypass Via Double-Encoded String Moderate
CVE-2012-6431 was published for symfony/http-foundation (Composer) May 17, 2022
Authentication granted to all firewalls instead of just one Moderate
CVE-2021-32693 was published for symfony/security-http (Composer) Jun 21, 2021
gndk mynameisbogdan
pwarchol Warxcell wouterj adrienlamotte
ProTip! Advisories are also available from the GraphQL API