GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

Reviewed advisories by ecosystem: All reviewed 5,000+; Composer 3,988; Erlang 29; GitHub Actions 16; Go 1,776; Maven 5,000+; npm 3,542; NuGet 617; pip 3,125; Pub 10; RubyGems 838; Rust 790; Swift 34.
Unreviewed advisories: 5,000+.

386 advisories match the current filter, newest first (identifier, severity, affected package and ecosystem, publication date):
CVE-2022-43690 (Moderate) - Concrete CMS vulnerable to Improper Authentication - concrete5/concrete5 (Composer) - published Nov 15, 2022
CVE-2022-45378 (Critical) - Apache SOAP contains unauthenticated RPCRouterServlet - soap:soap (Maven) - published Nov 14, 2022
CVE-2022-44244 (Moderate) - Lin CMS vulnerable to Improper Authentication - Lin-CMS (Maven) - published Nov 10, 2022
CVE-2022-39387 (Critical) - XWiki OIDC Authenticator vulnerable to bypassing OpenID login by providing a custom provider - org.xwiki.contrib.oidc:oidc-authenticator (Maven) - published Nov 4, 2022
CVE-2022-37298 (Critical) - Shinken Solutions Shinken Monitoring vulnerable to Incorrect Access Control - Shinken (pip) - published Oct 20, 2022
CVE-2022-39267 (High) - Bifrost vulnerable to authentication check flaw that leads to authentication bypass - github.com/brokercap/Bifrost (Go) - published Oct 18, 2022
CVE-2022-40664 (Critical) - Apache Shiro Authentication Bypass vulnerability - org.apache.shiro:shiro-core (Maven) - published Oct 12, 2022
CVE-2018-21246 (Critical) - Caddy vulnerable to Authentication Bypass due to mishandling of TLS client authentication - github.com/caddyserver/caddy (Go) - published Oct 6, 2022
CVE-2022-39266 (Critical) - isolated-vm has vulnerable CachedDataOptions in API - isolated-vm (npm) - published Sep 30, 2022
CVE-2022-39254 (High) - When matrix-nio receives forwarded room keys, the receiver doesn't check if it requested the key from the forwarder - matrix-nio (pip) - published Sep 30, 2022
CVE-2022-39252 (Moderate) - matrix-sdk-crypto contains potential impersonation via room key forward responses - matrix-sdk-crypto (Rust) - published Sep 30, 2022
CVE-2022-39250 (High) - matrix-js-sdk subject to user impersonation due to key/device identifier confusion in SAS verification - matrix-js-sdk (npm) - published Sep 30, 2022
CVE-2022-39263 (Moderate) - Upstash Adapter missing token verification - @next-auth/upstash-redis-adapter (npm) - published Sep 30, 2022
CVE-2022-39248 (High) - matrix-android-sdk2 vulnerable to Olm/Megolm protocol confusion - org.matrix.android:matrix-android-sdk2 (Maven) - published Sep 30, 2022
CVE-2022-39246 (High) - matrix-android-sdk2 vulnerable to impersonation via forwarded Megolm sessions - org.matrix.android:matrix-android-sdk2 (Maven) - published Sep 30, 2022
CVE-2022-39251 (High) - matrix-js-sdk subject to user spoofing via Olm/Megolm protocol confusion - matrix-js-sdk (npm) - published Sep 30, 2022
CVE-2022-39249 (High) - matrix-js-sdk subject to impersonated messages due to permissive key forwarding - matrix-js-sdk (npm) - published Sep 30, 2022
CVE-2021-40693 (Moderate) - Moodle type juggling vulnerability - moodle/moodle (Composer) - published Sep 30, 2022
CVE-2022-39219 (High) - Brokercap Bifrost subject to authentication bypass when using HTTP basic authentication - github.com/brokercap/Bifrost (Go) - published Sep 27, 2022
GHSA-gmhj-xjfh-cf6m (High) - Caddy-SSH vulnerable to Authorization Bypass due to incorrect usage of PAM library - github.com/mohammed90/caddy-ssh (Go) - published Sep 23, 2022
CVE-2022-39231 (Low) - parse-server auth adapter app ID validation can be circumvented - parse-server (npm) - published Sep 21, 2022
CVE-2022-3173 (Moderate) - Snipe-IT vulnerable to Improper Authentication - snipe/snipe-it (Composer) - published Sep 18, 2022
CVE-2022-36071 (High) - SFTPGo vulnerable to recovery codes abuse - github.com/drakkan/sftpgo/v2 (Go) - published Sep 16, 2022
CVE-2022-36106 (Moderate) - TYPO3 CMS missing check for expiration time of password reset token for backend users - typo3/cms (Composer) - published Sep 16, 2022
CVE-2022-36436 (Critical) - VNCAuthProxy authentication bypass vulnerability - vncauthproxy (pip) - published Sep 16, 2022
Advisories are also available from the GitHub GraphQL API.