GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
167 advisories
Keycloak Authentication Error
Severity: High. CVE-2019-14909 was published for org.keycloak:keycloak-parent (Maven), May 24, 2022

Ansible password prompts could expose passwords
Severity: High. CVE-2019-14856 was published for ansible (pip), May 24, 2022

Salt has insufficient argument validation in several modules
Severity: High. CVE-2013-4435 was published for salt (pip), May 17, 2022

OpenStack Identity (Keystone) Trustee token revocations does not work with memcache backend
Severity: High. CVE-2014-2237 was published for keystone (pip), May 17, 2022

OpenStack Identity (Keystone) DoS through V3 API authentication chaining
Severity: High. CVE-2014-2828 was published for keystone (pip), May 17, 2022

SaltStack Salt Authentication Bypass when using the local_batch client from salt-api
Severity: High. CVE-2017-5192 was published for salt (pip), May 17, 2022

Improper Authentication in Jenkins
Severity: High. CVE-2017-1000354 was published for org.jenkins-ci.main:jenkins-core (Maven), May 14, 2022

OpenStack Keystone Improper Authentication vulnerability
Severity: High. CVE-2012-4456 was published for keystone (pip), May 14, 2022

Apache Solr insecure inter-node communication
Severity: High. CVE-2017-7660 was published for org.apache.solr:solr-core (Maven), May 14, 2022

Unauthenticated File Read in PHP Proxy
Severity: High. CVE-2018-19458 was published for athlon1600/php-proxy-app (Composer), May 14, 2022

Apache Solr Kerberos delegation token functionality flaws
Severity: High. CVE-2017-9803 was published for org.apache.solr:solr-core (Maven), May 14, 2022

Apache Tomcat Allows Remote Attackers to Spoof AJP Requests
Severity: High. CVE-2011-3190 was published for org.apache.tomcat:tomcat (Maven), May 14, 2022

Improper Authentication in Apache WSS4J
Severity: High. CVE-2014-3612 was published for org.apache.activemq:activemq-broker (Maven), May 14, 2022

Improper Authentication In Apache NiFi
Severity: High. CVE-2017-5635 was published for org.apache.nifi:nifi (Maven), May 13, 2022

Improper Authentication in Jenkins Blue Ocean Plugin
Severity: High. CVE-2017-1000106 was published for io.jenkins.blueocean:blueocean (Maven), May 13, 2022

Missing permission checks in Jenkins Distributed Fork Plugin
Severity: High. CVE-2017-2652 was published for org.jenkins-ci.plugins:distfork (Maven), May 13, 2022

Moodle Improper Authentication
Severity: High. CVE-2018-1082 was published for moodle/moodle (Composer), May 13, 2022

Keycloak Oauth Implementation Error
Severity: High. CVE-2017-12160 was published for org.keycloak:keycloak-parent (Maven), May 13, 2022

Improper Authentication in Pivotal Spring-LDAP
Severity: High. CVE-2017-8028 was published for org.springframework.ldap:spring-ldap-core (Maven), May 13, 2022

OXID eShop user impersonation vulnerability
Severity: High. CVE-2015-6926 was published for oxid-esales/oxideshop-ce (Composer), May 13, 2022

Traefik Missing Authentication
Severity: High. CVE-2018-15598 was published for github.com/traefik/traefik (Go), May 13, 2022

phpMyAdmin Improper Authentication
Severity: High. CVE-2018-12613 was published for phpmyadmin/phpmyadmin (Composer), May 13, 2022

Improper Authentication in Spring Security
Severity: High. CVE-2014-0097 was published for org.springframework.security:spring-security-core (Maven), May 13, 2022

omniauth-facebook Improper Authentication vulnerability
Severity: High. CVE-2013-4593 was published for omniauth-facebook (RubyGems), May 5, 2022

ProTip! Advisories are also available from the GraphQL API