GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,988
Erlang
29
GitHub Actions
16
Go
1,776
Maven
5,000+
npm
3,542
NuGet
617
pip
3,125
Pub
10
RubyGems
838
Rust
790
Swift
34
Unreviewed advisories
All unreviewed
5,000+
386 advisories
Filter by severity
Improper Authentication in Apache Airflow
Moderate
CVE-2021-26697
was published
for
apache-airflow
(pip)
Jun 18, 2021
Improper Authentication in Spring Authorization Server
Moderate
CVE-2024-22258
was published
for
org.springframework.security:spring-security-oauth2-authorization-server
(Maven)
Mar 20, 2024
Improper Authentication in Apache ActiveMQ and Apache Artemis
High
CVE-2021-26117
was published
for
org.apache.activemq:activemq-parent
(Maven)
Jun 16, 2021
Authentication bypass in Apache Airflow
Critical
CVE-2020-13927
was published
for
apache-airflow
(pip)
Apr 30, 2021
Remote Code Execution by uploading a phar file using frontmatter
Critical
CVE-2024-27923
was published
for
getgrav/grav
(Composer)
Mar 6, 2024
Jenkins does not invalidate the API token when a user is deleted
Moderate
CVE-2014-2062
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 17, 2022
Jenkins session fixation vulnerability
Moderate
CVE-2014-2066
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 17, 2022
Flask-AppBuilder vulnerable to incorrect authentication when using auth type OpenID
Critical
CVE-2024-25128
was published
for
Flask-AppBuilder
(pip)
Feb 28, 2024
Logic error in authentication in proxy.py
High
CVE-2021-3116
was published
for
proxy.py
(pip)
Apr 7, 2021
furlongm openvpn-monitor allows Authorization Bypass to disconnect arbitrary clients
High
CVE-2021-31606
was published
for
openvpn-monitor
(pip)
May 24, 2022
python-kerberos vulnerable to KDC spoofing attacks
High
CVE-2015-3206
was published
for
kerberos
(pip)
May 14, 2022
Improper Authentication in Apache Tomcat
Moderate
CVE-2011-5063
was published
for
org.apache.tomcat:tomcat
(Maven)
May 14, 2022
Improper Authentication in Apache Tomcat
Moderate
CVE-2011-5062
was published
for
org.apache.tomcat:tomcat
(Maven)
May 14, 2022
Apache Tomcat Allows Remote Attackers to Spoof AJP Requests
High
CVE-2011-3190
was published
for
org.apache.tomcat:tomcat
(Maven)
May 14, 2022
Improper Authentication in Apache Tomcat
Moderate
CVE-2009-2901
was published
for
org.apache.tomcat:tomcat
(Maven)
May 2, 2022
OctoPrint Unverified Password Change via Access Control Settings
Moderate
CVE-2024-23637
was published
for
OctoPrint
(pip)
Jan 31, 2024
TYPO3 Authentication Bypass via Salted user password hashes extension
High
CVE-2010-1022
was published
for
typo3/cms-saltedpasswords
(Composer)
May 2, 2022
•
withdrawn
VNCAuthProxy authentication bypass vulnerability
Critical
CVE-2022-36436
was published
for
vncauthproxy
(pip)
Sep 16, 2022
rails vulnerable to improper authentication
Critical
CVE-2009-2422
was published
for
rails
(RubyGems)
Oct 24, 2017
Symfony Authentication Bypass
Critical
CVE-2016-2403
was published
for
symfony/security
(Composer)
May 14, 2022
Apache Ozone Improper Authentication vulnerability
Moderate
CVE-2023-39196
was published
for
org.apache.ozone:ozone-main
(Maven)
Feb 7, 2024
Authentication bypass in SilverStripe GraphQL
Moderate
CVE-2020-26136
was published
for
silverstripe/graphql
(Composer)
Jun 10, 2021
CrateDB authentication bypass vulnerability
High
CVE-2023-51982
was published
for
io.crate:crate
(Maven)
Jan 30, 2024
Symfony Allows URI Restrictions Bypass Via Double-Encoded String
Moderate
CVE-2012-6431
was published
for
symfony/http-foundation
(Composer)
May 17, 2022
Authentication granted to all firewalls instead of just one
Moderate
CVE-2021-32693
was published
for
symfony/security-http
(Composer)
Jun 21, 2021
ProTip!
Advisories are also available from the
GraphQL API