GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,988
Erlang
29
GitHub Actions
16
Go
1,778
Maven
5,000+
npm
3,542
NuGet
619
pip
3,127
Pub
10
RubyGems
838
Rust
791
Swift
34
Unreviewed advisories
All unreviewed
5,000+
57 advisories
Filter by severity
Apache Submarine Commons Utils has a hard-coded secret
Moderate
CVE-2024-36264
was published
for
org.apache.submarine:submarine-commons-utils
(Maven)
Jun 12, 2024
Quarkus: authorization flaw in quarkus resteasy reactive and classic
Moderate
CVE-2023-5675
was published
for
io.quarkus:quarkus-resteasy-reactive-common
(Maven)
Apr 25, 2024
Keycloak vulnerable to session hijacking via re-authentication
Moderate
CVE-2023-6787
was published
for
org.keycloak:keycloak-services
(Maven)
Apr 17, 2024
Keycloak secondary factor bypass in step-up authentication
Moderate
CVE-2023-3597
was published
for
org.keycloak:keycloak-services
(Maven)
Apr 17, 2024
Improper Authentication in Spring Authorization Server
Moderate
CVE-2024-22258
was published
for
org.springframework.security:spring-security-oauth2-authorization-server
(Maven)
Mar 20, 2024
Apache Ozone Improper Authentication vulnerability
Moderate
CVE-2023-39196
was published
for
org.apache.ozone:ozone-main
(Maven)
Feb 7, 2024
WebAuthn4J Spring Security Improper signature counter value handling
Moderate
CVE-2023-45669
was published
for
com.webauthn4j:webauthn4j-spring-security-core
(Maven)
Oct 17, 2023
Keycloak: Impersonation and lockout possible through incorrect handling of email trust
Moderate
CVE-2023-0105
was published
for
org.keycloak:keycloak-core
(Maven)
Jul 18, 2023
Apache Pulsar Broker Improper Authentication vulnerability
Moderate
CVE-2023-31007
was published
for
org.apache.pulsar:pulsar-broker
(Maven)
Jul 12, 2023
Vert.x STOMP server process client frames that would not send initially a connect frame
Moderate
CVE-2023-32081
was published
for
io.vertx:vertx-stomp
(Maven)
May 12, 2023
Apache DolphinScheduler's python gateway suffered from improper authentication
Moderate
CVE-2023-25601
was published
for
org.apache.dolphinscheduler:dolphinscheduler-api
(Maven)
Apr 20, 2023
Issue with whitespace in JWT roles in OpenSearch
Moderate
CVE-2023-23612
was published
for
org.opensearch:opensearch-security
(Maven)
Jan 24, 2023
Duplicate Advisory: Keycloak allows impersonation and lockout due to email trust not being handled correctly
Moderate
GHSA-vhvq-jh34-3fc8
was published
for
org.keycloak:keycloak-core
(Maven)
Jan 13, 2023
•
withdrawn
Keycloak vulnerable to session takeover with OIDC offline refreshtokens
Moderate
CVE-2022-3916
was published
for
org.keycloak:keycloak-parent
(Maven)
Dec 13, 2022
Lin CMS vulnerable to Improper Authentication
Moderate
CVE-2022-44244
was published
for
Lin-CMS
(Maven)
Nov 10, 2022
JetBrain Ktor before 2.1.0 vulnerable to selection of wrong authentication provider
Moderate
CVE-2022-38180
was published
for
io.ktor:ktor
(Maven)
Aug 13, 2022
Jenkins Google Login Plugin 1.0 and 1.1 allows anonymous users to authenticate through client-side request modification
Moderate
CVE-2015-5298
was published
for
org.jenkins-ci.plugins:google-login
(Maven)
Jul 8, 2022
Limited Authentication Bypass for Media Files
Moderate
CVE-2022-29237
was published
for
org.opencastproject:opencast-ingest-service-impl
(Maven)
May 25, 2022
Keycloak discloses information without authentication
Moderate
CVE-2020-27838
was published
for
org.keycloak:keycloak-core
(Maven)
May 24, 2022
Improper Authentication in Apache MyFaces
Moderate
CVE-2010-2057
was published
for
org.apache.myfaces.core:myfaces-impl
(Maven)
May 17, 2022
Apache Axis2 Vulnerable to XML Signature wrapping attack
Moderate
CVE-2012-4418
was published
for
org.apache.axis2:axis2
(Maven)
May 17, 2022
Improper Authentication in Apache Qpid
Moderate
CVE-2012-4446
was published
for
org.apache.qpid:qpid-client
(Maven)
May 17, 2022
Improper Authentication in OpenSAML
Moderate
CVE-2011-1411
was published
for
org.opensaml:opensaml
(Maven)
May 17, 2022
Jenkins does not invalidate the API token when a user is deleted
Moderate
CVE-2014-2062
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 17, 2022
Jenkins session fixation vulnerability
Moderate
CVE-2014-2066
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 17, 2022
ProTip!
Advisories are also available from the
GraphQL API