Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

69 advisories

Loading
Creation of order credits was not validated by acl in admin orders Low
GHSA-g7w8-pp9w-7p32 was published for shopware/core (Composer) Jun 28, 2021
Apache Hive before 3.1.3 `CREATE` and `DROP` function operations do not check for necessary authorization. High
CVE-2021-34538 was published for org.apache.hive:hive (Maven) Jul 17, 2022
Missing Authentication for Critical Function in LibreNMS Moderate
CVE-2019-10668 was published for librenms/librenms (Composer) Oct 11, 2019
Missing Authentication for Critical Function in Apache NiFi High
CVE-2020-9487 was published for org.apache.nifi:nifi (Maven) Jan 6, 2022
Remote code execution in Apache TomEE Critical
CVE-2020-13931 was published for org.apache.tomee:apache-tomee (Maven) Feb 9, 2022
Authentication bypass for specific endpoint High
CVE-2021-29442 was published for com.alibaba.nacos:nacos-common (Maven) Apr 27, 2021
Authentication bypass in Apache Hadoop High
CVE-2018-11764 was published for org.apache.hadoop:hadoop-main (Maven) Feb 10, 2022
Missing Authentication for Critical Function in Apache TomEE High
CVE-2020-11969 was published for org.apache.tomee:tomee (Maven) Feb 10, 2022
Missing Authentication for Critical Function in Saleor Moderate
CVE-2020-7964 was published for saleor (pip) Jul 28, 2021
Automatic room upgrade handling can be used maliciously to bridge a room non-consentually Moderate
CVE-2021-32659 was published for matrix-appservice-bridge (npm) Jun 21, 2021
Missing Authentication for Critical Function Moderate
CVE-2021-32709 was published for shopware/platform (Composer) Jun 29, 2021
Authentication bypass issue in the Operator Console High
CVE-2021-41266 was published for github.com/minio/console (Go) Nov 15, 2021
Alevsk
Broken Access Control in 3rd party TYPO3 extension "femanager" High
CVE-2023-25014 was published for in2code/femanager (Composer) Feb 2, 2023
ohader
Broken Access Control in 3rd party TYPO3 extension "femanager" High
CVE-2023-25013 was published for in2code/femanager (Composer) Feb 2, 2023
ohader
Missing Role Based Access Control for the REST handlers in bleve/http package Moderate
CVE-2022-31022 was published for github.com/blevesearch/bleve (Go) Jun 3, 2022
Apollo has potential access control security issue in eureka High
CVE-2023-25570 was published for com.ctrip.framework.apollo:apollo (Maven) Feb 22, 2023
Missing authentication in ShenYu High
CVE-2022-23945 was published for org.apache.shenyu:shenyu-common (Maven) Jan 28, 2022
tdunlap607
Apache OpenMeetings missing authentication and can allow user impersonation Critical
CVE-2023-28326 was published for org.apache.openmeetings:openmeetings-parent (Maven) Mar 28, 2023
Missing authentication in ShenYu Critical
CVE-2022-23944 was published for org.apache.shenyu:shenyu-common (Maven) Jan 28, 2022
tdunlap607
Missing Authentication for Critical Function in Foreman Ansible High
CVE-2021-3589 was published for foreman_ansible (RubyGems) Mar 24, 2022
XStream is vulnerable to a Remote Command Execution attack High
CVE-2021-39144 was published for com.thoughtworks.xstream:xstream (Maven) Aug 25, 2021
Apache SOAP contains unauthenticated RPCRouterServlet Critical
CVE-2022-45378 was published for soap:soap (Maven) Nov 14, 2022
Unauthenticated user can list hidden document from multiple velocity templates in XWiki Moderate
CVE-2022-24820 was published for org.xwiki.platform:xwiki-platform-web (Maven) Apr 8, 2022
Dapr Dashboard vulnerable to Incorrect Access Control High
CVE-2022-38817 was published for github.com/dapr/dashboard (Go) Oct 4, 2022
KubeView vulnerable to full cluster takeover due to improper authentication Critical
CVE-2022-45933 was published for github.com/benc-uk/kubeview (Go) Nov 27, 2022
ProTip! Advisories are also available from the GraphQL API