GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,273
Erlang
31
GitHub Actions
21
Go
2,055
Maven
5,000+
npm
3,739
NuGet
668
pip
3,417
Pub
12
RubyGems
891
Rust
872
Swift
36
Unreviewed advisories
All unreviewed
5,000+
281 advisories
Filter by severity
Duplicate advisory: High severity vulnerability that affects passport-wsfed-saml2
High
GHSA-7fpw-cfc4-3p2c
was published
for
passport-wsfed-saml2
(npm)
Dec 28, 2017
•
withdrawn
Authentication Bypass by Spoofing in express-cart
High
CVE-2018-16483
was published
for
express-cart
(npm)
Feb 7, 2019
Identity Spoofing in libp2p-secio
Critical
GHSA-rch7-f4h5-x9rj
was published
for
libp2p-secio
(npm)
Aug 23, 2019
2FA bypass in Wagtail through new device path
Moderate
CVE-2019-16766
was published
for
wagtail-2fa
(pip)
Nov 29, 2019
Implementation trusts the "me" field returned by the authorization server without verifying it
Critical
GHSA-mjcr-rqjg-rhg3
was published
for
datasette-indieauth
(pip)
Nov 24, 2020
omniauth-apple allows attacker to fake their email address during authentication
High
CVE-2020-26254
was published
for
omniauth-apple
(RubyGems)
Dec 8, 2020
Token verification bug in next-auth
Low
CVE-2021-21310
was published
for
next-auth
(npm)
Feb 11, 2021
Verification flaw in Solid identity-token-verifier
Moderate
GHSA-xmh9-rg6f-j3mr
was published
for
@solid/identity-token-verifier
(npm)
Mar 12, 2021
Authentication Bypass
High
CVE-2021-29441
was published
for
com.alibaba.nacos:nacos-common
(Maven)
Apr 27, 2021
Kiali Authentication Bypass vulnerability
Moderate
CVE-2021-20278
was published
for
github.com/kiali/kiali
(Go)
Jun 1, 2021
Authentication Bypass by Spoofing and Insufficient Verification of Data Authenticity in Hashicorp Vault
High
CVE-2020-16250
was published
for
github.com/hashicorp/vault
(Go)
Aug 2, 2021
Verification check bypass in Gate One
Moderate
CVE-2020-19003
was published
for
gateone
(pip)
Oct 12, 2021
Microsoft Edge for iOS Spoofing Vulnerability
High
Unreviewed
CVE-2021-43220
was published
Nov 25, 2021
HTTP Method Spoofing
High
CVE-2021-43807
was published
for
org.opencastproject:opencast-common
(Maven)
Dec 14, 2021
Windows AppX Installer Spoofing Vulnerability
High
Unreviewed
CVE-2021-43890
was published
Dec 16, 2021
Authentication Bypass in dex
Critical
CVE-2020-27847
was published
for
github.com/dexidp/dex
(Go)
Dec 20, 2021
GitLab auth uses full name instead of username as user ID, allowing impersonation
Critical
CVE-2020-5415
was published
for
github.com/concourse/concourse
(Go)
Dec 20, 2021
In the case of instances where the SAML SSO authentication is enabled (non-default), session data...
Critical
Unreviewed
CVE-2022-23131
was published
Jan 14, 2022
Authentication Bypass in Apache Cassandra
High
CVE-2020-17516
was published
for
org.apache.cassandra:cassandra-all
(Maven)
Feb 9, 2022
Microsoft SharePoint Server Spoofing Vulnerability This CVE ID is unique from CVE-2021-43242.
Low
Unreviewed
CVE-2021-42320
was published
Feb 11, 2022
SAML authentication vulnerability due to stdlib XML parsing
High
CVE-2020-26276
was published
for
github.com/fleetdm/fleet/v4
(Go)
Feb 11, 2022
An attacker can abuse the batch-requests plugin to send requests to bypass the IP restriction of...
Critical
Unreviewed
CVE-2022-24112
was published
Feb 12, 2022
A DNS rebinding issue in ReadyMedia (formerly MiniDLNA) before 1.3.1 allows a remote web server...
High
Unreviewed
CVE-2022-26505
was published
Mar 7, 2022
Skype for Business and Lync Spoofing Vulnerability.
Moderate
Unreviewed
CVE-2022-26910
was published
Apr 16, 2022
NextAuth.js default redirect callback vulnerable to open redirects
Moderate
CVE-2022-24858
was published
for
next-auth
(npm)
Apr 22, 2022
ProTip!
Advisories are also available from the
GraphQL API