GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,224
Erlang
31
GitHub Actions
19
Go
1,989
Maven
5,000+
npm
3,705
NuGet
661
pip
3,336
Pub
11
RubyGems
884
Rust
845
Swift
36
Unreviewed advisories
All unreviewed
5,000+
134 advisories
Filter by severity
High severity vulnerability that affects org.apache.hive:hive, org.apache.hive:hive-exec, and org.apache.hive:hive-service
High
CVE-2015-7521
was published
for
org.apache.hive:hive
(Maven)
Nov 21, 2018
The Admin UI in Apache Ranger before 0.5.1 does not properly handle authentication requests that lack a password
Critical
CVE-2016-0733
was published
for
org.apache.ranger:ranger
(Maven)
Oct 17, 2018
Improper Authentication in Keycloak
High
CVE-2018-14637
was published
for
org.keycloak:keycloak-core
(Maven)
Dec 21, 2018
Improper Authentication in Apache Karaf
High
CVE-2018-11787
was published
for
org.apache.karaf:apache-karaf
(Maven)
Jan 7, 2019
Improper Authentication in org.keycloak:keycloak-core
High
CVE-2016-8609
was published
for
org.keycloak:keycloak-core
(Maven)
Oct 18, 2018
Improper Authentication in org.apache.hive:hive, org.apache.hive:hive-exec, and org.apache.hive:hive-service
High
CVE-2015-1772
was published
for
org.apache.hive:hive
(Maven)
Mar 14, 2019
A user without PR can reset user authentication failures information
Low
CVE-2021-32729
was published
for
org.xwiki.platform:xwiki-platform-security-authentication-script
(Maven)
Jul 2, 2021
Apache Shiro vulnerable to a specially crafted HTTP request causing an authentication bypass
Critical
CVE-2021-41303
was published
for
org.apache.shiro:shiro-core
(Maven)
Sep 20, 2021
ECP SAML binding bypasses authentication flows
High
CVE-2021-3827
was published
for
org.keycloak:keycloak-saml-core
(Maven)
Apr 27, 2022
Improper Authentication in Mortbay Jetty
High
CVE-2007-5614
was published
for
org.mortbay.jetty:jetty
(Maven)
May 1, 2022
Improper Authentication in Apache Kafka
Moderate
CVE-2017-12610
was published
for
org.apache.kafka:kafka-clients
(Maven)
May 13, 2022
Improper Authentication in Apache Tomcat
Moderate
CVE-2013-2067
was published
for
org.apache.tomcat:tomcat
(Maven)
May 14, 2022
Improper Authentication in Spring Security
High
CVE-2014-0097
was published
for
org.springframework.security:spring-security-core
(Maven)
May 13, 2022
Limited Authentication Bypass for Media Files
Moderate
CVE-2022-29237
was published
for
org.opencastproject:opencast-ingest-service-impl
(Maven)
May 25, 2022
Improper Authentication in Apache Hadoop
Moderate
CVE-2014-0229
was published
for
org.apache.hadoop:hadoop-common
(Maven)
May 17, 2022
Improper Authentication in OpenSAML
Moderate
CVE-2011-1411
was published
for
org.opensaml:opensaml
(Maven)
May 17, 2022
Improper Authentication in Apache Qpid
Moderate
CVE-2012-4446
was published
for
org.apache.qpid:qpid-client
(Maven)
May 17, 2022
Improper Authentication in Apache Axis2
Moderate
CVE-2012-5351
was published
for
org.apache.axis2:axis2
(Maven)
May 13, 2022
Improper Authentication in Apache Tomcat
Moderate
CVE-2012-5887
was published
for
org.apache.tomcat:tomcat
(Maven)
May 17, 2022
Improper Authentication in Jenkins
Moderate
CVE-2017-2604
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 13, 2022
Improper Authentication in Apache Hadoop
Low
CVE-2013-2192
was published
for
org.apache.hadoop:hadoop-common
(Maven)
May 17, 2022
XWiki Platform Old Core vulnerable to Authentication Bypass Using the Login Action
High
CVE-2022-36092
was published
for
org.xwiki.platform:xwiki-platform-oldcore
(Maven)
Sep 16, 2022
XWiki Platform Web Templates vulnerable to Unauthorized User Registration Through the Distribution Wizard
High
CVE-2022-36093
was published
for
org.xwiki.platform:xwiki-platform-web
(Maven)
Sep 16, 2022
Jenkins Google Login Plugin 1.0 and 1.1 allows anonymous users to authenticate through client-side request modification
Moderate
CVE-2015-5298
was published
for
org.jenkins-ci.plugins:google-login
(Maven)
Jul 8, 2022
Insufficiently Protected Credentials and Improper Authentication in Spring Security
High
CVE-2019-11272
was published
for
org.springframework.security:spring-security-cas
(Maven)
Jun 27, 2019
ProTip!
Advisories are also available from the
GraphQL API