GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,189
Erlang
31
GitHub Actions
19
Go
1,985
Maven
5,000+
npm
3,701
NuGet
657
pip
3,326
Pub
11
RubyGems
882
Rust
836
Swift
35
Unreviewed advisories
All unreviewed
5,000+
1,412 advisories
Filter by severity
Argo CD Insecure default administrative password
High
CVE-2020-8828
was published
for
github.com/argoproj/argo-cd
(Go)
Jul 26, 2021
Auto-merging Person Records Compromised
High
CVE-2021-32691
was published
for
@apollosproject/data-connector-rock
(npm)
Jun 21, 2021
Improper Authentication in Apache ActiveMQ and Apache Artemis
High
CVE-2021-26117
was published
for
org.apache.activemq:activemq-parent
(Maven)
Jun 16, 2021
Apache ActiveMQ Artemis vulnerable to Improper Access Control
High
CVE-2021-26118
was published
for
org.apache.activemq:artemis-openwire-protocol
(Maven)
Jun 16, 2021
Improper Authentication in Atlassian Connect Spring Boot
High
CVE-2021-26077
was published
for
com.atlassian.connect:atlassian-connect-spring-boot
(Maven)
Jun 16, 2021
Token reuse in Ory fosite
High
CVE-2020-15222
was published
for
github.com/ory/fosite
(Go)
May 24, 2021
Authorization bypass in github.com/dgrijalva/jwt-go
High
CVE-2020-26160
was published
for
github.com/dgrijalva/jwt-go
(Go)
May 18, 2021
Authentication bypass in Apache Shiro
High
CVE-2020-13933
was published
for
org.apache.shiro:shiro-core
(Maven)
May 7, 2021
Improper Authentication in Apache Hadoop
High
CVE-2018-11765
was published
for
org.apache.hadoop:hadoop-main
(Maven)
Apr 30, 2021
Improper Authentication in react-adal
High
CVE-2020-7787
was published
for
react-adal
(npm)
Apr 13, 2021
Logic error in authentication in proxy.py
High
CVE-2021-3116
was published
for
proxy.py
(pip)
Apr 7, 2021
botframework-connector vulnerable to Improper Authentication
High
GHSA-cqff-fx2x-p86v
was published
for
botframework-connector
(pip)
Mar 8, 2021
Improper Authentication
High
GHSA-qxx8-292g-2w66
was published
for
Microsoft.Bot.Connector
(NuGet)
Mar 8, 2021
Disabled users able to log in with third party SSO plugin
High
CVE-2017-1000489
was published
for
mautic/core
(Composer)
Jan 19, 2021
Regression in JWT Signature Validation
High
CVE-2020-15240
was published
for
omniauth-auth0
(RubyGems)
Nov 3, 2020
xml-crypto's HMAC-SHA1 signatures can bypass validation via key confusion
High
GHSA-c27r-x354-4m68
was published
for
xml-crypto
(npm)
Oct 27, 2020
Ensure that doorkeeper_token is valid when authenticating requests in API v2 calls
High
CVE-2020-15269
was published
for
spree
(RubyGems)
Oct 20, 2020
Authentication Bypass in otpauth
High
GHSA-rmmc-8cqj-hfp3
was published
for
otpauth
(npm)
Sep 3, 2020
Authentication and extension bypass in Faye
High
CVE-2020-11020
was published
for
faye
(RubyGems)
Apr 29, 2020
Incorrect Account Used for Signing
High
GHSA-vg44-fw64-cpjx
was published
for
@metamask/eth-ledger-bridge-keyring
(npm)
Mar 24, 2020
Improper authentication in Symfony
High
CVE-2019-10911
was published
for
symfony/security
(Composer)
Feb 12, 2020
JSON-jwt Gem lacked element count during splitting of JWE string
High
CVE-2019-18848
was published
for
json-jwt
(RubyGems)
Nov 14, 2019
Improper Authentication in Auth0.AuthenticationApi
High
CVE-2019-16929
was published
for
Auth0.AuthenticationApi
(NuGet)
Oct 24, 2019
OmniAuth-SAML authentication bypass via incorrect XML canonicalization and DOM traversal
High
CVE-2017-11430
was published
for
omniauth-saml
(RubyGems)
Jul 5, 2019
ProTip!
Advisories are also available from the
GraphQL API