GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,189
Erlang
31
GitHub Actions
19
Go
1,985
Maven
5,000+
npm
3,701
NuGet
657
pip
3,326
Pub
11
RubyGems
882
Rust
836
Swift
35
Unreviewed advisories
All unreviewed
5,000+
90 advisories
Filter by severity
The Admin UI in Apache Ranger before 0.5.1 does not properly handle authentication requests that lack a password
Critical
CVE-2016-0733
was published
for
org.apache.ranger:ranger
(Maven)
Oct 17, 2018
Authentication Bypass in hapi-auth-jwt2
Critical
CVE-2016-10525
was published
for
hapi-auth-jwt2
(npm)
Feb 18, 2019
Authentication Bypass in console-io
Critical
CVE-2016-10532
was published
for
console-io
(npm)
Feb 18, 2019
API Admin Auth Weakness in tomato
Critical
CVE-2013-7379
was published
for
tomato
(npm)
Aug 31, 2020
Authentication Bypass in express-laravel-passport
Critical
GHSA-v66p-w7qx-wv98
was published
for
express-laravel-passport
(npm)
Sep 4, 2020
phpMyFAQ Improper Authentication vulnerability
Critical
CVE-2023-0311
was published
for
thorsten/phpmyfaq
(Composer)
Jan 16, 2023
Apache Shiro vulnerable to a specially crafted HTTP request causing an authentication bypass
Critical
CVE-2021-41303
was published
for
org.apache.shiro:shiro-core
(Maven)
Sep 20, 2021
Argo CD will blindly trust JWT claims if anonymous access is enabled
Critical
CVE-2022-29165
was published
for
github.com/argoproj/argo-cd
(Go)
May 24, 2022
Apache Shiro Authentication Bypass vulnerability
Critical
CVE-2022-40664
was published
for
org.apache.shiro:shiro-core
(Maven)
Oct 12, 2022
XWiki OIDC Authenticator vulnerable to bypassing OpenID login by providing a custom provider
Critical
CVE-2022-39387
was published
for
org.xwiki.contrib.oidc:oidc-authenticator
(Maven)
Nov 4, 2022
API token verification can be bypassed in NodeBB
Critical
CVE-2021-43786
was published
for
nodebb
(npm)
Nov 30, 2021
Authentication bypass in Apache Shiro
Critical
CVE-2020-17523
was published
for
org.apache.shiro:shiro-spring
(Maven)
Feb 9, 2022
Improper Authentication in Apache Shiro
Critical
CVE-2020-1957
was published
for
org.apache.shiro:shiro-core
(Maven)
May 7, 2021
Authentication bypass in MAGMI
Critical
CVE-2020-5777
was published
for
dweeves/magmi
(Composer)
May 6, 2021
Improper Authentication in Apache Shiro
Critical
CVE-2020-11989
was published
for
org.apache.shiro:shiro-core
(Maven)
May 7, 2021
Authentication bypass in Apache Shiro
Critical
CVE-2020-17510
was published
for
org.apache.shiro:shiro-spring
(Maven)
Apr 22, 2021
Authentication Bypass in tyk-identity-broker
Critical
CVE-2021-23365
was published
for
github.com/tyktechnologies/tyk-identity-broker
(Go)
Jun 23, 2021
golang-nanoauth authentication bypass vulnerability
Critical
CVE-2020-36569
was published
for
github.com/nanobox-io/golang-nanoauth
(Go)
Dec 28, 2022
AMQP 0-8, 0-9, 0-91, and 0-10 connection handling in Apache Qpid Java before 6.0.3 might allow remote attackers to bypass authentication
Critical
CVE-2016-4432
was published
for
org.apache.qpid:qpid-broker-plugins-amqp-0-8-protocol
(Maven)
Oct 16, 2018
Authentication Bypass in ADOdb/ADOdb
Critical
CVE-2021-3850
was published
for
adodb/adodb-php
(Composer)
Jan 27, 2022
Remote code execution in net.mingsoft:ms-mcms
Critical
CVE-2021-46384
was published
for
net.mingsoft:ms-mcms
(Maven)
Mar 5, 2022
crewjam/saml vulnerable to signature bypass via multiple Assertion elements due to improper authentication
Critical
CVE-2022-41912
was published
for
github.com/crewjam/saml
(Go)
Nov 29, 2022
Improper Authentication in Apache CXF
Critical
CVE-2012-0803
was published
for
org.apache.cxf:cxf
(Maven)
May 13, 2022
Improper Authenication in Pion DTLS
Critical
CVE-2019-20786
was published
for
github.com/pion/dtls
(Go)
Jun 29, 2021
XML Processing error in github.com/crewjam/saml
Critical
CVE-2020-27846
was published
for
github.com/crewjam/saml
(Go)
Jun 23, 2021
ProTip!
Advisories are also available from the
GraphQL API