GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,239
Erlang
31
GitHub Actions
21
Go
2,007
Maven
5,000+
npm
3,716
NuGet
662
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
43 advisories
Filter by severity
Erroneous authentication pass in Spring Security
High
CVE-2024-22257
was published
for
org.springframework.security:spring-security-core
(Maven)
Mar 18, 2024
CrateDB authentication bypass vulnerability
High
CVE-2023-51982
was published
for
io.crate:crate
(Maven)
Jan 30, 2024
Apache Pulsar WebSocket Proxy contains an Improper Authentication vulnerability
High
CVE-2023-37544
was published
for
org.apache.pulsar:pulsar-websocket
(Maven)
Dec 20, 2023
Apache ActiveMQ Deserialization of Untrusted Data vulnerability
High
CVE-2022-41678
was published
for
org.apache.activemq:apache-activemq
(Maven)
Nov 28, 2023
SaToken authentication bypass vulnerability
High
CVE-2023-43961
was published
for
cn.dev33:sa-token-core
(Maven)
Oct 25, 2023
Apache OpenMeetings Improper Authentication vulnerability
High
CVE-2023-29032
was published
for
org.apache.openmeetings:openmeetings-parent
(Maven)
May 12, 2023
Keycloak vulnerable to user impersonation via stolen UUID code
High
CVE-2023-0264
was published
for
org.keycloak:keycloak-services
(Maven)
Mar 2, 2023
Withdrawn Advisory: Apache IoTDB contains Improper Authentication
High
CVE-2023-24830
was published
for
org.apache.iotdb:iotdb-parent
(Maven)
Jan 30, 2023
•
withdrawn
matrix-android-sdk2 vulnerable to Olm/Megolm protocol confusion
High
CVE-2022-39248
was published
for
org.matrix.android:matrix-android-sdk2
(Maven)
Sep 30, 2022
matrix-android-sdk2 vulnerable to impersonation via forwarded Megolm sessions
High
CVE-2022-39246
was published
for
org.matrix.android:matrix-android-sdk2
(Maven)
Sep 30, 2022
XWiki Platform Old Core vulnerable to Authentication Bypass Using the Login Action
High
CVE-2022-36092
was published
for
org.xwiki.platform:xwiki-platform-oldcore
(Maven)
Sep 16, 2022
XWiki Platform Web Templates vulnerable to Unauthorized User Registration Through the Distribution Wizard
High
CVE-2022-36093
was published
for
org.xwiki.platform:xwiki-platform-web
(Maven)
Sep 16, 2022
Keycloak allows anyone to register new security device or key for any user by using WebAuthn password-less login flow
High
CVE-2021-3632
was published
for
org.keycloak:keycloak-core
(Maven)
Aug 27, 2022
Use of Hard-coded Credentials in Nacos
High
CVE-2021-43116
was published
for
com.alibaba.nacos:nacos-client
(Maven)
Jul 6, 2022
Keycloak Authentication Error
High
CVE-2019-14909
was published
for
org.keycloak:keycloak-parent
(Maven)
May 24, 2022
Improper Authentication in Jenkins
High
CVE-2017-1000354
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 14, 2022
Apache Solr insecure inter-node communication
High
CVE-2017-7660
was published
for
org.apache.solr:solr-core
(Maven)
May 14, 2022
Apache Solr Kerberos delegation token functionality flaws
High
CVE-2017-9803
was published
for
org.apache.solr:solr-core
(Maven)
May 14, 2022
Apache Tomcat Allows Remote Attackers to Spoof AJP Requests
High
CVE-2011-3190
was published
for
org.apache.tomcat:tomcat
(Maven)
May 14, 2022
Improper Authentication in Apache WSS4J
High
CVE-2014-3612
was published
for
org.apache.activemq:activemq-broker
(Maven)
May 14, 2022
Improper Authentication In Apache NiFi
High
CVE-2017-5635
was published
for
org.apache.nifi:nifi
(Maven)
May 13, 2022
Improper Authentication in Jenkins Blue Ocean Plugin
High
CVE-2017-1000106
was published
for
io.jenkins.blueocean:blueocean
(Maven)
May 13, 2022
Missing permission checks in Jenkins Distributed Fork Plugin
High
CVE-2017-2652
was published
for
org.jenkins-ci.plugins:distfork
(Maven)
May 13, 2022
Keycloak Oauth Implementation Error
High
CVE-2017-12160
was published
for
org.keycloak:keycloak-parent
(Maven)
May 13, 2022
Improper Authentication in Pivotal Spring-LDAP
High
CVE-2017-8028
was published
for
org.springframework.ldap:spring-ldap-core
(Maven)
May 13, 2022
ProTip!
Advisories are also available from the
GraphQL API