GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,189
Erlang
31
GitHub Actions
19
Go
1,985
Maven
5,000+
npm
3,701
NuGet
657
pip
3,326
Pub
11
RubyGems
882
Rust
836
Swift
35
Unreviewed advisories
All unreviewed
5,000+
26 advisories
Filter by severity
AMQP 0-8, 0-9, 0-91, and 0-10 connection handling in Apache Qpid Java before 6.0.3 might allow remote attackers to bypass authentication
Critical
CVE-2016-4432
was published
for
org.apache.qpid:qpid-broker-plugins-amqp-0-8-protocol
(Maven)
Oct 16, 2018
The Admin UI in Apache Ranger before 0.5.1 does not properly handle authentication requests that lack a password
Critical
CVE-2016-0733
was published
for
org.apache.ranger:ranger
(Maven)
Oct 17, 2018
Incorrect access control in Neo4j Enterprise Database Server via LDAP authentication
Critical
CVE-2018-18389
was published
for
org.neo4j:neo4j-enterprise
(Maven)
Oct 17, 2018
Authorization Bypass in Spring Security
Critical
CVE-2014-3527
was published
for
org.springframework.security:spring-security-core
(Maven)
Sep 15, 2020
Authentication bypass in Apache Shiro
Critical
CVE-2020-17510
was published
for
org.apache.shiro:shiro-spring
(Maven)
Apr 22, 2021
Improper Authentication in Apache Shiro
Critical
CVE-2020-11989
was published
for
org.apache.shiro:shiro-core
(Maven)
May 7, 2021
Improper Authentication in Apache Shiro
Critical
CVE-2020-1957
was published
for
org.apache.shiro:shiro-core
(Maven)
May 7, 2021
Apache Shiro vulnerable to a specially crafted HTTP request causing an authentication bypass
Critical
CVE-2021-41303
was published
for
org.apache.shiro:shiro-core
(Maven)
Sep 20, 2021
Improper Authentication in Apache ShenYu Admin
Critical
CVE-2021-37580
was published
for
org.apache.shenyu:shenyu-admin
(Maven)
Nov 17, 2021
Authentication bypass in Apache Shiro
Critical
CVE-2020-17523
was published
for
org.apache.shiro:shiro-spring
(Maven)
Feb 9, 2022
Improper Authentication in Apache Spark
Critical
CVE-2020-9480
was published
for
org.apache.spark:spark-parent_2.11
(Maven)
Feb 10, 2022
Remote code execution in net.mingsoft:ms-mcms
Critical
CVE-2021-46384
was published
for
net.mingsoft:ms-mcms
(Maven)
Mar 5, 2022
Improper Authentication in Apache CXF
Critical
CVE-2012-0803
was published
for
org.apache.cxf:cxf
(Maven)
May 13, 2022
Improper Authentication (empty password) in Jenkins Active Directory Plugin
Critical
CVE-2020-2300
was published
for
org.jenkins-ci.plugins:active-directory
(Maven)
May 24, 2022
Authentication cache in Active Directory Jenkins Plugin allows logging in with any password
Critical
CVE-2020-2301
was published
for
org.jenkins-ci.plugins:active-directory
(Maven)
May 24, 2022
Improper Authentication in Jenkins Active Directory Plugin
Critical
CVE-2020-2299
was published
for
org.jenkins-ci.plugins:active-directory
(Maven)
May 24, 2022
Apache Shiro Authentication Bypass vulnerability
Critical
CVE-2022-40664
was published
for
org.apache.shiro:shiro-core
(Maven)
Oct 12, 2022
XWiki OIDC Authenticator vulnerable to bypassing OpenID login by providing a custom provider
Critical
CVE-2022-39387
was published
for
org.xwiki.contrib.oidc:oidc-authenticator
(Maven)
Nov 4, 2022
Apache SOAP contains unauthenticated RPCRouterServlet
Critical
CVE-2022-45378
was published
for
soap:soap
(Maven)
Nov 14, 2022
jeecg-boot vulnerable to improper authentication
Critical
CVE-2023-1784
was published
for
org.jeecgframework.boot:jeecg-boot-parent
(Maven)
Mar 31, 2023
Apache IoTDB Grafana Connector vulnerable to Improper Authentication
Critical
CVE-2023-24831
was published
for
apache-iotdb
(Maven)
Apr 17, 2023
Apache Accumulo Improper Authentication vulnerability
Critical
CVE-2023-34340
was published
for
org.apache.accumulo:accumulo-shell
(Maven)
Jun 21, 2023
OpenAM vulnerable to user impersonation using SAMLv1.x SSO process
Critical
CVE-2023-37471
was published
for
org.openidentityplatform.openam:openam-federation-library
(Maven)
Jul 20, 2023
Jenkins OpenId Connect Authentication Plugin lacks issuer claim validation
Critical
CVE-2024-47807
was published
for
org.jenkins-ci.plugins:oic-auth
(Maven)
Oct 2, 2024
Jenkins OpenId Connect Authentication Plugin lacks audience claim validation
Critical
CVE-2024-47806
was published
for
org.jenkins-ci.plugins:oic-auth
(Maven)
Oct 2, 2024
ProTip!
Advisories are also available from the
GraphQL API