GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,245
Erlang
31
GitHub Actions
21
Go
2,010
Maven
5,000+
npm
3,718
NuGet
662
pip
3,391
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
61 advisories
Filter by severity
Improper Authentication in Apache Kafka
Moderate
CVE-2017-12610
was published
for
org.apache.kafka:kafka-clients
(Maven)
May 13, 2022
Improper Authentication in Apache Tomcat
Moderate
CVE-2013-2067
was published
for
org.apache.tomcat:tomcat
(Maven)
May 14, 2022
Limited Authentication Bypass for Media Files
Moderate
CVE-2022-29237
was published
for
org.opencastproject:opencast-ingest-service-impl
(Maven)
May 25, 2022
Improper Authentication in OpenSAML
Moderate
CVE-2011-1411
was published
for
org.opensaml:opensaml
(Maven)
May 17, 2022
Improper Authentication in Apache Hadoop
Moderate
CVE-2014-0229
was published
for
org.apache.hadoop:hadoop-common
(Maven)
May 17, 2022
Improper Authentication in Apache Qpid
Moderate
CVE-2012-4446
was published
for
org.apache.qpid:qpid-client
(Maven)
May 17, 2022
Improper Authentication in Apache Axis2
Moderate
CVE-2012-5351
was published
for
org.apache.axis2:axis2
(Maven)
May 13, 2022
Improper Authentication in Apache Tomcat
Moderate
CVE-2012-5887
was published
for
org.apache.tomcat:tomcat
(Maven)
May 17, 2022
Improper Authentication in Jenkins
Moderate
CVE-2017-2604
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 13, 2022
Jenkins Google Login Plugin 1.0 and 1.1 allows anonymous users to authenticate through client-side request modification
Moderate
CVE-2015-5298
was published
for
org.jenkins-ci.plugins:google-login
(Maven)
Jul 8, 2022
JetBrain Ktor before 2.1.0 vulnerable to selection of wrong authentication provider
Moderate
CVE-2022-38180
was published
for
io.ktor:ktor
(Maven)
Aug 13, 2022
Keycloak is vulnerable to IDN homograph attack
Moderate
CVE-2021-3424
was published
for
org.keycloak:keycloak-services
(Maven)
Apr 28, 2022
Improper Authentication in Jenkins Blue Ocean Plugin
Moderate
CVE-2017-1000110
was published
for
io.jenkins.blueocean:blueocean
(Maven)
May 13, 2022
Improper Authentication for Keycloak
Moderate
CVE-2020-1718
was published
for
org.keycloak:keycloak-parent
(Maven)
Feb 9, 2022
Broken Authentication in Atlassian Connect Spring Boot
Moderate
CVE-2021-26074
was published
for
com.atlassian.connect:atlassian-connect-spring-boot-starter
(Maven)
May 10, 2021
Server session is not invalidated when logout() helper method of Authentication module is used in Vaadin 18-19
Moderate
CVE-2021-31408
was published
for
com.vaadin:vaadin-bom
(Maven)
Apr 22, 2021
Apache OpenMeetings may allow authenticated attacker to deny service for privileged users
Moderate
CVE-2018-1286
was published
for
org.apache.openmeetings:openmeetings-parent
(Maven)
May 13, 2022
Improper Authentication in Apache WSS4J
Moderate
CVE-2014-3623
was published
for
org.apache.ws.security:wss4j
(Maven)
May 13, 2022
Authentication Bypass by Alternate Name in Apache Tomcat
Moderate
CVE-2021-30640
was published
for
org.apache.tomcat:tomcat
(Maven)
Aug 13, 2021
Improper Authentication in Apache CXF
Moderate
CVE-2012-2378
was published
for
org.apache.cxf:cxf
(Maven)
May 13, 2022
Issue with whitespace in JWT roles in OpenSearch
Moderate
CVE-2023-23612
was published
for
org.opensearch:opensearch-security
(Maven)
Jan 24, 2023
Lin CMS vulnerable to Improper Authentication
Moderate
CVE-2022-44244
was published
for
Lin-CMS
(Maven)
Nov 10, 2022
Server session is not invalidated when logout() helper method of Authentication module is used in Vaadin 18-19
Moderate
GHSA-6hgr-2g6q-3rmc
was published
for
com.vaadin:flow-client
(Maven)
Apr 22, 2021
Authentication Bypass in Apache Tomcat
Moderate
CVE-2012-3546
was published
for
org.apache.tomcat:tomcat
(Maven)
May 17, 2022
Duplicate Advisory: Keycloak allows impersonation and lockout due to email trust not being handled correctly
Moderate
GHSA-vhvq-jh34-3fc8
was published
for
org.keycloak:keycloak-core
(Maven)
Jan 13, 2023
•
withdrawn
ProTip!
Advisories are also available from the
GraphQL API