Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,224
Erlang
31
GitHub Actions
19
Go
1,990
Maven
5,000+
npm
3,705
NuGet
661
pip
3,336
Pub
11
RubyGems
884
Rust
845
Swift
36
Unreviewed advisories
All unreviewed
5,000+

155 advisories

Loading
actionpack Improper Authentication vulnerability Moderate
CVE-2012-3424 was published for actionpack (RubyGems) Oct 24, 2017
ShayAry
Moderate severity vulnerability that affects Products.PlonePAS Moderate
CVE-2009-0662 was published for Products.PlonePAS (pip) Jul 23, 2018
Improper Input Validation in org.apache.qpid:qpid-broker Moderate
CVE-2016-3094 was published for org.apache.qpid:qpid-broker (Maven) Oct 16, 2018
org.apache.spark:spark-core_2.10 and org.apache.spark:spark-core_2.11 Improper Authentication vulnerability Moderate
CVE-2018-11770 was published for org.apache.spark:spark-core_2.10 (Maven) Nov 9, 2018
Forced Logout in keycloak-connect Moderate
CVE-2019-10157 was published for keycloak-connect (npm) Jun 13, 2019
Authentication bypass via incorrect XML canonicalization and DOM traversal in saml2-js Moderate
CVE-2017-11429 was published for saml2-js (npm) Jul 5, 2019
Validation bypass is possible in Json Pattern Validator Moderate
CVE-2019-19507 was published for jpv (npm) Dec 4, 2019
Session key exposure through session list in Django User Sessions Moderate
CVE-2020-5224 was published for django-user-sessions (pip) Jan 24, 2020
Validation Bypass in paypal-ipn Moderate
CVE-2014-10067 was published for paypal-ipn (npm) Aug 31, 2020
Authentication Bypass in saml2-js Moderate
GHSA-mfcp-34xw-p57x was published for saml2-js (npm) Sep 3, 2020
Lack of URL normalization may lead to authorization bypass when URL access rules are used Moderate
CVE-2020-24660 was published for lemonldap-ng-handler (npm) Sep 9, 2020
botframework-connector vulnerable to Improper Authentication Moderate
CVE-2021-1725 was published for botframework-connector (npm) Mar 8, 2021
Server session is not invalidated when logout() helper method of Authentication module is used in Vaadin 18-19 Moderate
CVE-2021-31408 was published for com.vaadin:vaadin-bom (Maven) Apr 22, 2021
Server session is not invalidated when logout() helper method of Authentication module is used in Vaadin 18-19 Moderate
GHSA-6hgr-2g6q-3rmc was published for com.vaadin:flow-client (Maven) Apr 22, 2021
tdunlap607
Broken Authentication in Atlassian Connect Spring Boot Moderate
CVE-2021-26074 was published for com.atlassian.connect:atlassian-connect-spring-boot-starter (Maven) May 10, 2021
Kiali Authentication Bypass vulnerability Moderate
CVE-2021-20278 was published for github.com/kiali/kiali (Go) Jun 1, 2021
Authentication bypass in SilverStripe GraphQL Moderate
CVE-2020-26136 was published for silverstripe/graphql (Composer) Jun 10, 2021
G-Rath
Improper Authentication in Apache Airflow Moderate
CVE-2021-26697 was published for apache-airflow (pip) Jun 18, 2021
sunSUNQ
Authentication granted to all firewalls instead of just one Moderate
CVE-2021-32693 was published for symfony/security-http (Composer) Jun 21, 2021
gndk mynameisbogdan
pwarchol Warxcell wouterj adrienlamotte
Utils.readChallengeTx does not verify the server account signature Moderate
CVE-2021-32738 was published for stellar-sdk (npm) Jul 2, 2021
leighmcculloch
Authentication Bypass by Alternate Name in Apache Tomcat Moderate
CVE-2021-30640 was published for org.apache.tomcat:tomcat (Maven) Aug 13, 2021
parse-server new anonymous user session acts as if it's created with password Moderate
CVE-2021-39138 was published for parse-server (npm) Aug 23, 2021
cbaker6
Improper Access Control in passport-oauth2 Moderate
CVE-2021-41580 was published for passport-oauth2 (npm) Sep 29, 2021
Improper Access Control in Onionshare Moderate
CVE-2022-21695 was published for onionshare-cli (pip) Jan 21, 2022
Improper Access Control in Onionshare Moderate
CVE-2022-21692 was published for onionshare-cli (pip) Jan 21, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database