GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,270
Erlang
31
GitHub Actions
21
Go
2,044
Maven
5,000+
npm
3,736
NuGet
663
pip
3,414
Pub
12
RubyGems
891
Rust
868
Swift
36
Unreviewed advisories
All unreviewed
5,000+
28 advisories
Filter by severity
Mautic has insufficient authentication in upgrade flow
High
CVE-2022-25770
was published
for
mautic/core
(Composer)
Sep 19, 2024
Withdrawn Advisory: Lunary Improper Authentication vulnerability
High
CVE-2024-6582
was published
for
lunary
(npm)
Sep 13, 2024
•
withdrawn
Chisel's AUTH environment variable not respected in server entrypoint
High
CVE-2024-43798
was published
for
github.com/jpillora/chisel
(Go)
Aug 27, 2024
Rancher does not automatically clean up a user deleted or disabled from the configured Authentication Provider
High
CVE-2023-22650
was published
for
github.com/rancher/rancher
(Go)
Jun 17, 2024
STRIMZI incorrect access control
High
CVE-2024-36543
was published
for
io.strimzi:strimzi
(Maven)
Jun 17, 2024
Apache Pulsar: Improper Authentication for Pulsar Proxy Statistics Endpoint
High
CVE-2022-34321
was published
for
org.apache.pulsar:pulsar-proxy
(Maven)
Mar 12, 2024
RPyC's missing security check results in code execution when using numpy.array on the server-side.
High
CVE-2024-27758
was published
for
rpyc
(pip)
Mar 6, 2024
Answer Missing Authentication for Critical Function
High
CVE-2023-4815
was published
for
github.com/answerdev/answer
(Go)
Sep 7, 2023
Apollo has potential access control security issue in eureka
High
CVE-2023-25570
was published
for
com.ctrip.framework.apollo:apollo
(Maven)
Feb 22, 2023
Broken Access Control in 3rd party TYPO3 extension "femanager"
High
CVE-2023-25013
was published
for
in2code/femanager
(Composer)
Feb 2, 2023
Broken Access Control in 3rd party TYPO3 extension "femanager"
High
CVE-2023-25014
was published
for
in2code/femanager
(Composer)
Feb 2, 2023
Dapr Dashboard vulnerable to Incorrect Access Control
High
CVE-2022-38817
was published
for
github.com/dapr/dashboard
(Go)
Oct 4, 2022
Apache Hive before 3.1.3 `CREATE` and `DROP` function operations do not check for necessary authorization.
High
CVE-2021-34538
was published
for
org.apache.hive:hive
(Maven)
Jul 17, 2022
GramAddict bot uses dependency with reverse tcp backdoor
High
CVE-2020-36245
was published
for
GramAddict
(pip)
May 24, 2022
Microweber Discloses Sensitive Information
High
CVE-2020-13405
was published
for
microweber/microweber
(Composer)
May 24, 2022
TeamPass files are available without authentication
High
CVE-2020-12478
was published
for
nilsteampassnet/teampass
(Composer)
May 24, 2022
Openstack Aodh can be used to launder Keystone trusts
High
CVE-2017-12440
was published
for
aodh
(pip)
May 13, 2022
Missing Authentication for Critical Function in Foreman Ansible
High
CVE-2021-3589
was published
for
foreman_ansible
(RubyGems)
Mar 24, 2022
Improper Authentication in FreeTAKServer
High
CVE-2022-25508
was published
for
FreeTAKServer
(pip)
Mar 12, 2022
Missing Authentication for Critical Function in Apache TomEE
High
CVE-2020-11969
was published
for
org.apache.tomee:tomee
(Maven)
Feb 10, 2022
Authentication bypass in Apache Hadoop
High
CVE-2018-11764
was published
for
org.apache.hadoop:hadoop-main
(Maven)
Feb 10, 2022
Missing authentication in ShenYu
High
CVE-2022-23945
was published
for
org.apache.shenyu:shenyu-common
(Maven)
Jan 28, 2022
Missing Authentication for Critical Function in Apache NiFi
High
CVE-2020-9487
was published
for
org.apache.nifi:nifi
(Maven)
Jan 6, 2022
Authentication bypass issue in the Operator Console
High
CVE-2021-41266
was published
for
github.com/minio/console
(Go)
Nov 15, 2021
ProTip!
Advisories are also available from the
GraphQL API