Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,224
Erlang
31
GitHub Actions
19
Go
1,990
Maven
5,000+
npm
3,706
NuGet
661
pip
3,336
Pub
11
RubyGems
884
Rust
845
Swift
36
Unreviewed advisories
All unreviewed
5,000+

43 advisories

Loading
High severity vulnerability that affects org.apache.hive:hive, org.apache.hive:hive-exec, and org.apache.hive:hive-service High
CVE-2015-7521 was published for org.apache.hive:hive (Maven) Nov 21, 2018
Improper Authentication in Keycloak High
CVE-2018-14637 was published for org.keycloak:keycloak-core (Maven) Dec 21, 2018
Improper Authentication in Apache Karaf High
CVE-2018-11787 was published for org.apache.karaf:apache-karaf (Maven) Jan 7, 2019
Improper Authentication in org.keycloak:keycloak-core High
CVE-2016-8609 was published for org.keycloak:keycloak-core (Maven) Oct 18, 2018
Improper Authentication in org.apache.hive:hive, org.apache.hive:hive-exec, and org.apache.hive:hive-service High
CVE-2015-1772 was published for org.apache.hive:hive (Maven) Mar 14, 2019
ECP SAML binding bypasses authentication flows High
CVE-2021-3827 was published for org.keycloak:keycloak-saml-core (Maven) Apr 27, 2022
Improper Authentication in Mortbay Jetty High
CVE-2007-5614 was published for org.mortbay.jetty:jetty (Maven) May 1, 2022
Improper Authentication in Spring Security High
CVE-2014-0097 was published for org.springframework.security:spring-security-core (Maven) May 13, 2022
XWiki Platform Old Core vulnerable to Authentication Bypass Using the Login Action High
CVE-2022-36092 was published for org.xwiki.platform:xwiki-platform-oldcore (Maven) Sep 16, 2022
XWiki Platform Web Templates vulnerable to Unauthorized User Registration Through the Distribution Wizard High
CVE-2022-36093 was published for org.xwiki.platform:xwiki-platform-web (Maven) Sep 16, 2022
Insufficiently Protected Credentials and Improper Authentication in Spring Security High
CVE-2019-11272 was published for org.springframework.security:spring-security-cas (Maven) Jun 27, 2019
Apache Solr insecure inter-node communication High
CVE-2017-7660 was published for org.apache.solr:solr-core (Maven) May 14, 2022
Apache Solr Kerberos delegation token functionality flaws High
CVE-2017-9803 was published for org.apache.solr:solr-core (Maven) May 14, 2022
matrix-android-sdk2 vulnerable to Olm/Megolm protocol confusion High
CVE-2022-39248 was published for org.matrix.android:matrix-android-sdk2 (Maven) Sep 30, 2022
matrix-android-sdk2 vulnerable to impersonation via forwarded Megolm sessions High
CVE-2022-39246 was published for org.matrix.android:matrix-android-sdk2 (Maven) Sep 30, 2022
Improper Authentication In Apache NiFi High
CVE-2017-5635 was published for org.apache.nifi:nifi (Maven) May 13, 2022
Improper Authentication in Jenkins Blue Ocean Plugin High
CVE-2017-1000106 was published for io.jenkins.blueocean:blueocean (Maven) May 13, 2022
Improper Authentication in Apache Zeppelin High
CVE-2018-1317 was published for org.apache.zeppelin:zeppelin (Maven) Apr 24, 2019
Improper Authentication in Apache Hadoop High
CVE-2018-11765 was published for org.apache.hadoop:hadoop-main (Maven) Apr 30, 2021
Authentication bypass in Apache Shiro High
CVE-2020-13933 was published for org.apache.shiro:shiro-core (Maven) May 7, 2021
Improper Authentication in Apereo CAS High
CVE-2020-27178 was published for org.apereo.cas:cas-server-support-otp-mfa-core (Maven) Aug 2, 2021
Improper Authentication in Atlassian Connect Spring Boot High
CVE-2021-26077 was published for com.atlassian.connect:atlassian-connect-spring-boot (Maven) Jun 16, 2021
User impersonation due to incorrect handling of the login JWT High
CVE-2021-39177 was published for org.geysermc:connector (Maven) Sep 7, 2021
Redned235 Camotoy
clankstar Ry0taK
Keycloak allows anyone to register new security device or key for any user by using WebAuthn password-less login flow High
CVE-2021-3632 was published for org.keycloak:keycloak-core (Maven) Aug 27, 2022
Use of Hard-coded Credentials in Nacos High
CVE-2021-43116 was published for com.alibaba.nacos:nacos-client (Maven) Jul 6, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database