Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

61 advisories

Loading
OpenDaylight Authentication, Authorization and Accounting (AAA) peer impersonation vulnerability Moderate
CVE-2024-46943 was published for org.opendaylight.aaa:aaa-artifacts (Maven) Sep 16, 2024
Eclipse Dataspace Components's ConsumerPullTransferTokenValidationApiController doesn't check for token validit Moderate
CVE-2024-8642 was published for org.eclipse.edc:transfer-data-plane (Maven) Sep 11, 2024
Spring Security Missing Authorization vulnerability Moderate
CVE-2024-38810 was published for org.springframework.security:spring-security-core (Maven) Aug 20, 2024
Alpine allows Authentication Filter bypass Moderate
CVE-2022-23554 was published for us.springett:alpine (Maven) Aug 5, 2024
Apache Submarine Commons Utils has a hard-coded secret Moderate
CVE-2024-36264 was published for org.apache.submarine:submarine-commons-utils (Maven) Jun 12, 2024
Quarkus: authorization flaw in quarkus resteasy reactive and classic Moderate
CVE-2023-5675 was published for io.quarkus:quarkus-resteasy-reactive-common (Maven) Apr 25, 2024
bschuhmann
Keycloak vulnerable to session hijacking via re-authentication Moderate
CVE-2023-6787 was published for org.keycloak:keycloak-services (Maven) Apr 17, 2024
Keycloak secondary factor bypass in step-up authentication Moderate
CVE-2023-3597 was published for org.keycloak:keycloak-services (Maven) Apr 17, 2024
sschu jbman
Improper Authentication in Spring Authorization Server Moderate
CVE-2024-22258 was published for org.springframework.security:spring-security-oauth2-authorization-server (Maven) Mar 20, 2024
Apache Ozone Improper Authentication vulnerability Moderate
CVE-2023-39196 was published for org.apache.ozone:ozone-main (Maven) Feb 7, 2024
WebAuthn4J Spring Security Improper signature counter value handling Moderate
CVE-2023-45669 was published for com.webauthn4j:webauthn4j-spring-security-core (Maven) Oct 17, 2023
mbudnick
Keycloak: Impersonation and lockout possible through incorrect handling of email trust Moderate
CVE-2023-0105 was published for org.keycloak:keycloak-core (Maven) Jul 18, 2023
Apache Pulsar Broker Improper Authentication vulnerability Moderate
CVE-2023-31007 was published for org.apache.pulsar:pulsar-broker (Maven) Jul 12, 2023
Vert.x STOMP server process client frames that would not send initially a connect frame Moderate
CVE-2023-32081 was published for io.vertx:vertx-stomp (Maven) May 12, 2023
NavidMitchell
Apache DolphinScheduler's python gateway suffered from improper authentication Moderate
CVE-2023-25601 was published for org.apache.dolphinscheduler:dolphinscheduler-api (Maven) Apr 20, 2023
Issue with whitespace in JWT roles in OpenSearch Moderate
CVE-2023-23612 was published for org.opensearch:opensearch-security (Maven) Jan 24, 2023
Duplicate Advisory: Keycloak allows impersonation and lockout due to email trust not being handled correctly Moderate
GHSA-vhvq-jh34-3fc8 was published for org.keycloak:keycloak-core (Maven) Jan 13, 2023 withdrawn
Keycloak vulnerable to session takeover with OIDC offline refreshtokens Moderate
CVE-2022-3916 was published for org.keycloak:keycloak-parent (Maven) Dec 13, 2022
Flintholm
Lin CMS vulnerable to Improper Authentication Moderate
CVE-2022-44244 was published for Lin-CMS (Maven) Nov 10, 2022
aruneko richardfan0606
JetBrain Ktor before 2.1.0 vulnerable to selection of wrong authentication provider Moderate
CVE-2022-38180 was published for io.ktor:ktor (Maven) Aug 13, 2022
Jenkins Google Login Plugin 1.0 and 1.1 allows anonymous users to authenticate through client-side request modification Moderate
CVE-2015-5298 was published for org.jenkins-ci.plugins:google-login (Maven) Jul 8, 2022
Limited Authentication Bypass for Media Files Moderate
CVE-2022-29237 was published for org.opencastproject:opencast-ingest-service-impl (Maven) May 25, 2022
lkiesow
Keycloak discloses information without authentication Moderate
CVE-2020-27838 was published for org.keycloak:keycloak-core (Maven) May 24, 2022
Improper Authentication in Apache MyFaces Moderate
CVE-2010-2057 was published for org.apache.myfaces.core:myfaces-impl (Maven) May 17, 2022
Apache Axis2 Vulnerable to XML Signature wrapping attack Moderate
CVE-2012-4418 was published for org.apache.axis2:axis2 (Maven) May 17, 2022
ProTip! Advisories are also available from the GraphQL API