GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,273
Erlang
31
GitHub Actions
21
Go
2,055
Maven
5,000+
npm
3,739
NuGet
668
pip
3,417
Pub
12
RubyGems
891
Rust
872
Swift
36
Unreviewed advisories
All unreviewed
5,000+
14 advisories
Filter by severity
Missing authentication in ShenYu
Critical
CVE-2022-23944
was published
for
org.apache.shenyu:shenyu-common
(Maven)
Jan 28, 2022
Remote code execution in Apache TomEE
Critical
CVE-2020-13931
was published
for
org.apache.tomee:apache-tomee
(Maven)
Feb 9, 2022
Improper Authentication in Apache Spark
Critical
CVE-2020-9480
was published
for
org.apache.spark:spark-parent_2.11
(Maven)
Feb 10, 2022
Missing Authentication for Critical Function in Apache Cassandra
Critical
CVE-2018-8016
was published
for
org.apache.cassandra:cassandra-all
(Maven)
May 13, 2022
SaltStack Salt Unauthenticated Remote Code Execution
Critical
CVE-2020-11651
was published
for
salt
(pip)
May 24, 2022
DevSpace vulnerable to remote code execution
Critical
CVE-2020-15391
was published
for
github.com/loft-sh/devspace
(Go)
May 24, 2022
Missing Authentication for Critical Function in Apache Airflow
Critical
CVE-2021-38540
was published
for
apache-airflow
(pip)
May 24, 2022
Rdiffweb is missing authentication for critical function
Critical
CVE-2022-3327
was published
for
rdiffweb
(pip)
Oct 20, 2022
Apache SOAP contains unauthenticated RPCRouterServlet
Critical
CVE-2022-45378
was published
for
soap:soap
(Maven)
Nov 14, 2022
KubeView vulnerable to full cluster takeover due to improper authentication
Critical
CVE-2022-45933
was published
for
github.com/benc-uk/kubeview
(Go)
Nov 27, 2022
Apache OpenMeetings missing authentication and can allow user impersonation
Critical
CVE-2023-28326
was published
for
org.apache.openmeetings:openmeetings-parent
(Maven)
Mar 28, 2023
CasaOS Gateway vulnerable to incorrect identification of source IP addresses
Critical
CVE-2023-37265
was published
for
github.com/IceWhaleTech/CasaOS-Gateway
(Go)
Jul 17, 2023
sing-box vulnerable to improper authentication in the SOCKS inbound
Critical
CVE-2023-43644
was published
for
github.com/sagernet/sing
(Go)
Sep 26, 2023
Jupyter Server Proxy's Websocket Proxying does not require authentication
Critical
CVE-2024-28179
was published
for
jupyter-server-proxy
(pip)
Mar 20, 2024
ProTip!
Advisories are also available from the
GraphQL API