GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
18 advisories
Authentication Bypass by CSRF Weakness
Critical | GHSA-5629-8855-gf4g was published for solidus_core (RubyGems) | Nov 18, 2021

Authentication Bypass by Primary Weakness in github.com/kongchuanhujiao/server
High | CVE-2021-21403 was published for github.com/kongchuanhujiao/server (Go) | Feb 15, 2022

Keycloak Gatekeeper vulnerable to bypass on using lower case HTTP headers
High | CVE-2020-14359 was published for github.com/keycloak/keycloak-gatekeeper (Go) | Feb 9, 2022

golang-nanoauth authentication bypass vulnerability
Critical | CVE-2020-36569 was published for github.com/nanobox-io/golang-nanoauth (Go) | Dec 28, 2022

Authentication Bypass in ADOdb/ADOdb
Critical | CVE-2021-3850 was published for adodb/adodb-php (Composer) | Jan 27, 2022

Froxlor is vulnerable to authentication bypass
Critical | CVE-2023-1307 was published for froxlor/froxlor (Composer) | Mar 10, 2023

Authentication Bypass Using an Alternate Path or Channel and Authentication Bypass by Primary Weakness in rucio-webui
High | GHSA-v988-828w-xvf2 was published for rucio-webui (pip) | Oct 22, 2021

Cockpit Content Platform vulnerable to 2FA bypass
High | CVE-2022-2818 was published for cockpit-hq/cockpit (Composer) | Aug 16, 2022

Keycloak Authentication Error
High | CVE-2019-14909 was published for org.keycloak:keycloak-parent (Maven) | May 24, 2022

NATS.io: Adding accounts for just the system account adds auth bypass
High | CVE-2023-47090 was published for github.com/nats-io/nats-server/v2 (Go) | Oct 19, 2023

Dapr API token authentication bypass in HTTP endpoints
Moderate | CVE-2023-37918 was published for github.com/dapr/dapr (Go) | Jul 21, 2023

Mantis Bug Tracker (MantisBT) allows user account takeover in the signup/reset password process
High | CVE-2024-34077 was published for mantisbt/mantisbt (Composer) | May 13, 2024

PrivateBin allows shortening of URLs for other domains
Moderate | CVE-2024-39899 was published for privatebin/privatebin (Composer) | Jul 10, 2024

Navidrome uses MD5 hashing algorithm
Moderate | CVE-2024-41259 was published for github.com/navidrome/navidrome (Go) | Aug 1, 2024

Authentication Bypass in modoboa
Critical | CVE-2023-0777 was published for modoboa (pip) | Feb 10, 2023

rdiffweb vulnerable to Authentication Bypass by Primary Weakness
High | CVE-2022-4722 was published for rdiffweb (pip) | Dec 27, 2022

codechecker authentication method confusion vulnerability allows logging in as the built-in root user from an external service
Critical | CVE-2024-10082 was published for codechecker (pip) | Nov 6, 2024

TShock Security Escalation Exploit
High | GHSA-hvm9-wc8j-mgrc was published for TShock (NuGet) | Dec 18, 2024