Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,189
Erlang
31
GitHub Actions
19
Go
1,985
Maven
5,000+
npm
3,701
NuGet
657
pip
3,326
Pub
11
RubyGems
882
Rust
836
Swift
35
Unreviewed advisories
All unreviewed
5,000+

134 advisories

Loading
High severity vulnerability that affects org.apache.hive:hive, org.apache.hive:hive-exec, and org.apache.hive:hive-service High
CVE-2015-7521 was published for org.apache.hive:hive (Maven) Nov 21, 2018
The Admin UI in Apache Ranger before 0.5.1 does not properly handle authentication requests that lack a password Critical
CVE-2016-0733 was published for org.apache.ranger:ranger (Maven) Oct 17, 2018
Improper Authentication in Keycloak High
CVE-2018-14637 was published for org.keycloak:keycloak-core (Maven) Dec 21, 2018
Improper Authentication in Apache Karaf High
CVE-2018-11787 was published for org.apache.karaf:apache-karaf (Maven) Jan 7, 2019
Improper Authentication in org.keycloak:keycloak-core High
CVE-2016-8609 was published for org.keycloak:keycloak-core (Maven) Oct 18, 2018
Improper Authentication in org.apache.hive:hive, org.apache.hive:hive-exec, and org.apache.hive:hive-service High
CVE-2015-1772 was published for org.apache.hive:hive (Maven) Mar 14, 2019
A user without PR can reset user authentication failures information Low
CVE-2021-32729 was published for org.xwiki.platform:xwiki-platform-security-authentication-script (Maven) Jul 2, 2021
Apache Shiro vulnerable to a specially crafted HTTP request causing an authentication bypass Critical
CVE-2021-41303 was published for org.apache.shiro:shiro-core (Maven) Sep 20, 2021
ECP SAML binding bypasses authentication flows High
CVE-2021-3827 was published for org.keycloak:keycloak-saml-core (Maven) Apr 27, 2022
Improper Authentication in Mortbay Jetty High
CVE-2007-5614 was published for org.mortbay.jetty:jetty (Maven) May 1, 2022
Improper Authentication in Apache Kafka Moderate
CVE-2017-12610 was published for org.apache.kafka:kafka-clients (Maven) May 13, 2022
Improper Authentication in Apache Tomcat Moderate
CVE-2013-2067 was published for org.apache.tomcat:tomcat (Maven) May 14, 2022
Improper Authentication in Spring Security High
CVE-2014-0097 was published for org.springframework.security:spring-security-core (Maven) May 13, 2022
Limited Authentication Bypass for Media Files Moderate
CVE-2022-29237 was published for org.opencastproject:opencast-ingest-service-impl (Maven) May 25, 2022
lkiesow
Improper Authentication in OpenSAML Moderate
CVE-2011-1411 was published for org.opensaml:opensaml (Maven) May 17, 2022
Improper Authentication in Apache Hadoop Moderate
CVE-2014-0229 was published for org.apache.hadoop:hadoop-common (Maven) May 17, 2022
Improper Authentication in Apache Qpid Moderate
CVE-2012-4446 was published for org.apache.qpid:qpid-client (Maven) May 17, 2022
Improper Authentication in Apache Axis2 Moderate
CVE-2012-5351 was published for org.apache.axis2:axis2 (Maven) May 13, 2022
Improper Authentication in Apache Tomcat Moderate
CVE-2012-5887 was published for org.apache.tomcat:tomcat (Maven) May 17, 2022
Improper Authentication in Jenkins Moderate
CVE-2017-2604 was published for org.jenkins-ci.main:jenkins-core (Maven) May 13, 2022
XWiki Platform Old Core vulnerable to Authentication Bypass Using the Login Action High
CVE-2022-36092 was published for org.xwiki.platform:xwiki-platform-oldcore (Maven) Sep 16, 2022
Improper Authentication in Apache Hadoop Low
CVE-2013-2192 was published for org.apache.hadoop:hadoop-common (Maven) May 17, 2022
XWiki Platform Web Templates vulnerable to Unauthorized User Registration Through the Distribution Wizard High
CVE-2022-36093 was published for org.xwiki.platform:xwiki-platform-web (Maven) Sep 16, 2022
Jenkins Google Login Plugin 1.0 and 1.1 allows anonymous users to authenticate through client-side request modification Moderate
CVE-2015-5298 was published for org.jenkins-ci.plugins:google-login (Maven) Jul 8, 2022
Insufficiently Protected Credentials and Improper Authentication in Spring Security High
CVE-2019-11272 was published for org.springframework.security:spring-security-cas (Maven) Jun 27, 2019
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database