GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,270
Erlang
31
GitHub Actions
21
Go
2,044
Maven
5,000+
npm
3,736
NuGet
663
pip
3,414
Pub
12
RubyGems
891
Rust
868
Swift
36
Unreviewed advisories
All unreviewed
5,000+
24 advisories
Filter by severity
Improper Input Validation and Missing Authentication for Critical Function in Apache ActiveMQ
Moderate
CVE-2015-7559
was published
for
org.apache.activemq:activemq-client
(Maven)
Aug 1, 2019
Missing Authentication for Critical Function in LibreNMS
Moderate
CVE-2019-10668
was published
for
librenms/librenms
(Composer)
Oct 11, 2019
Keycloak Missing authentication for critical function
Moderate
CVE-2021-20262
was published
for
org.keycloak:keycloak-core
(Maven)
Mar 12, 2021
Improper Authentication in Apache Airflow
Moderate
CVE-2021-26697
was published
for
apache-airflow
(pip)
Jun 18, 2021
Automatic room upgrade handling can be used maliciously to bridge a room non-consentually
Moderate
CVE-2021-32659
was published
for
matrix-appservice-bridge
(npm)
Jun 21, 2021
Missing Authentication for Critical Function
Moderate
CVE-2021-32709
was published
for
shopware/platform
(Composer)
Jun 29, 2021
Missing Authentication for Critical Function in Saleor
Moderate
CVE-2020-7964
was published
for
saleor
(pip)
Jul 28, 2021
Missing Authorization in Apache Airflow
Moderate
CVE-2021-35936
was published
for
apache-airflow
(pip)
Aug 30, 2021
Improper Access Control in Onionshare
Moderate
CVE-2022-21691
was published
for
onionshare-cli
(pip)
Jan 21, 2022
Improper Authentication in Apache ActiveMQ
Moderate
CVE-2020-13920
was published
for
org.apache.activemq:activemq-parent
(Maven)
Feb 9, 2022
Denial of service in Grafana
Moderate
CVE-2021-27358
was published
for
github.com/grafana/grafana
(Go)
Feb 15, 2022
Unauthenticated user can list hidden document from multiple velocity templates in XWiki
Moderate
CVE-2022-24820
was published
for
org.xwiki.platform:xwiki-platform-web
(Maven)
Apr 8, 2022
Openstack tripleo-heat-templates unauthenticated file access
Moderate
CVE-2017-12155
was published
for
tripleo-heat-templates
(pip)
May 13, 2022
Missing Role Based Access Control for the REST handlers in bleve/http package
Moderate
CVE-2022-31022
was published
for
github.com/blevesearch/bleve
(Go)
Jun 3, 2022
Lack of authentication mechanism in Jenkins Git Plugin webhook
Moderate
CVE-2022-36884
was published
for
org.jenkins-ci.plugins:git
(Maven)
Jul 28, 2022
cross-site inclusion (XSSI) of files in jupyter-server
Moderate
CVE-2023-40170
was published
for
jupyter-server
(pip)
Aug 29, 2023
Cilium vulnerable to bypass of namespace restrictions in CiliumNetworkPolicy
Moderate
CVE-2023-41333
was published
for
github.com/cilium/cilium
(Go)
Sep 27, 2023
Etcd Gateway TLS authentication only applies to endpoints detected in DNS SRV records
Moderate
CVE-2020-15136
was published
for
go.etcd.io/etcd
(Go)
Jan 31, 2024
Unauthenticated Access to sensitive settings in Argo CD
Moderate
CVE-2024-37152
was published
for
github.com/argoproj/argo-cd/v2/server
(Go)
Jun 6, 2024
Navidrome uses MD5 hashing algorithm
Moderate
CVE-2024-41259
was published
for
github.com/navidrome/navidrome
(Go)
Aug 1, 2024
Mautic has insufficient authentication in upgrade flow
Moderate
CVE-2024-47051
was published
for
mautic/core
(Composer)
Sep 18, 2024
OctoPrint has API key access in settings without reauthentication
Moderate
CVE-2024-51493
was published
for
OctoPrint
(pip)
Nov 5, 2024
Missing permission check in Jenkins Script Security Plugin
Moderate
CVE-2024-52549
was published
for
org.jenkins-ci.plugins:script-security
(Maven)
Nov 13, 2024
Synapse's unauthenticated writes to the media repository allow planting of problematic content
Moderate
CVE-2024-37303
was published
for
matrix-synapse
(pip)
Dec 3, 2024
ProTip!
Advisories are also available from the
GraphQL API