GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,269
Erlang
31
GitHub Actions
21
Go
2,043
Maven
5,000+
npm
3,736
NuGet
663
pip
3,414
Pub
12
RubyGems
891
Rust
868
Swift
36
Unreviewed advisories
All unreviewed
5,000+
69 advisories
Filter by severity
Creation of order credits was not validated by acl in admin orders
Low
GHSA-g7w8-pp9w-7p32
was published
for
shopware/core
(Composer)
Jun 28, 2021
Apache Hive before 3.1.3 `CREATE` and `DROP` function operations do not check for necessary authorization.
High
CVE-2021-34538
was published
for
org.apache.hive:hive
(Maven)
Jul 17, 2022
Missing Authentication for Critical Function in LibreNMS
Moderate
CVE-2019-10668
was published
for
librenms/librenms
(Composer)
Oct 11, 2019
Missing Authentication for Critical Function in Apache NiFi
High
CVE-2020-9487
was published
for
org.apache.nifi:nifi
(Maven)
Jan 6, 2022
Remote code execution in Apache TomEE
Critical
CVE-2020-13931
was published
for
org.apache.tomee:apache-tomee
(Maven)
Feb 9, 2022
Authentication bypass for specific endpoint
High
CVE-2021-29442
was published
for
com.alibaba.nacos:nacos-common
(Maven)
Apr 27, 2021
Authentication bypass in Apache Hadoop
High
CVE-2018-11764
was published
for
org.apache.hadoop:hadoop-main
(Maven)
Feb 10, 2022
Missing Authentication for Critical Function in Apache TomEE
High
CVE-2020-11969
was published
for
org.apache.tomee:tomee
(Maven)
Feb 10, 2022
Missing Authentication for Critical Function in Saleor
Moderate
CVE-2020-7964
was published
for
saleor
(pip)
Jul 28, 2021
Automatic room upgrade handling can be used maliciously to bridge a room non-consentually
Moderate
CVE-2021-32659
was published
for
matrix-appservice-bridge
(npm)
Jun 21, 2021
Missing Authentication for Critical Function
Moderate
CVE-2021-32709
was published
for
shopware/platform
(Composer)
Jun 29, 2021
Authentication bypass issue in the Operator Console
High
CVE-2021-41266
was published
for
github.com/minio/console
(Go)
Nov 15, 2021
Broken Access Control in 3rd party TYPO3 extension "femanager"
High
CVE-2023-25014
was published
for
in2code/femanager
(Composer)
Feb 2, 2023
Broken Access Control in 3rd party TYPO3 extension "femanager"
High
CVE-2023-25013
was published
for
in2code/femanager
(Composer)
Feb 2, 2023
Missing Role Based Access Control for the REST handlers in bleve/http package
Moderate
CVE-2022-31022
was published
for
github.com/blevesearch/bleve
(Go)
Jun 3, 2022
Apollo has potential access control security issue in eureka
High
CVE-2023-25570
was published
for
com.ctrip.framework.apollo:apollo
(Maven)
Feb 22, 2023
Missing authentication in ShenYu
High
CVE-2022-23945
was published
for
org.apache.shenyu:shenyu-common
(Maven)
Jan 28, 2022
Apache OpenMeetings missing authentication and can allow user impersonation
Critical
CVE-2023-28326
was published
for
org.apache.openmeetings:openmeetings-parent
(Maven)
Mar 28, 2023
Missing authentication in ShenYu
Critical
CVE-2022-23944
was published
for
org.apache.shenyu:shenyu-common
(Maven)
Jan 28, 2022
Missing Authentication for Critical Function in Foreman Ansible
High
CVE-2021-3589
was published
for
foreman_ansible
(RubyGems)
Mar 24, 2022
XStream is vulnerable to a Remote Command Execution attack
High
CVE-2021-39144
was published
for
com.thoughtworks.xstream:xstream
(Maven)
Aug 25, 2021
Apache SOAP contains unauthenticated RPCRouterServlet
Critical
CVE-2022-45378
was published
for
soap:soap
(Maven)
Nov 14, 2022
Unauthenticated user can list hidden document from multiple velocity templates in XWiki
Moderate
CVE-2022-24820
was published
for
org.xwiki.platform:xwiki-platform-web
(Maven)
Apr 8, 2022
Dapr Dashboard vulnerable to Incorrect Access Control
High
CVE-2022-38817
was published
for
github.com/dapr/dashboard
(Go)
Oct 4, 2022
KubeView vulnerable to full cluster takeover due to improper authentication
Critical
CVE-2022-45933
was published
for
github.com/benc-uk/kubeview
(Go)
Nov 27, 2022
ProTip!
Advisories are also available from the
GraphQL API