GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,277
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,421
Pub
12
RubyGems
891
Rust
873
Swift
36
Unreviewed advisories
All unreviewed
5,000+
28 advisories
Filter by severity
Withdrawn Advisory: Lunary Improper Authentication vulnerability
High
CVE-2024-6582
was published
for
lunary
(npm)
Sep 13, 2024
•
withdrawn
Rancher does not automatically clean up a user deleted or disabled from the configured Authentication Provider
High
CVE-2023-22650
was published
for
github.com/rancher/rancher
(Go)
Jun 17, 2024
GramAddict bot uses dependency with reverse tcp backdoor
High
CVE-2020-36245
was published
for
GramAddict
(pip)
May 24, 2022
Improper Authentication in FreeTAKServer
High
CVE-2022-25508
was published
for
FreeTAKServer
(pip)
Mar 12, 2022
Mautic has insufficient authentication in upgrade flow
High
CVE-2022-25770
was published
for
mautic/core
(Composer)
Sep 19, 2024
Chisel's AUTH environment variable not respected in server entrypoint
High
CVE-2024-43798
was published
for
github.com/jpillora/chisel
(Go)
Aug 27, 2024
RPyC's missing security check results in code execution when using numpy.array on the server-side.
High
CVE-2024-27758
was published
for
rpyc
(pip)
Mar 6, 2024
STRIMZI incorrect access control
High
CVE-2024-36543
was published
for
io.strimzi:strimzi
(Maven)
Jun 17, 2024
Openstack Aodh can be used to launder Keystone trusts
High
CVE-2017-12440
was published
for
aodh
(pip)
May 13, 2022
Apache Pulsar: Improper Authentication for Pulsar Proxy Statistics Endpoint
High
CVE-2022-34321
was published
for
org.apache.pulsar:pulsar-proxy
(Maven)
Mar 12, 2024
TeamPass files are available without authentication
High
CVE-2020-12478
was published
for
nilsteampassnet/teampass
(Composer)
May 24, 2022
Answer Missing Authentication for Critical Function
High
CVE-2023-4815
was published
for
github.com/answerdev/answer
(Go)
Sep 7, 2023
Microweber Discloses Sensitive Information
High
CVE-2020-13405
was published
for
microweber/microweber
(Composer)
May 24, 2022
Dapr Dashboard vulnerable to Incorrect Access Control
High
CVE-2022-38817
was published
for
github.com/dapr/dashboard
(Go)
Oct 4, 2022
XStream is vulnerable to a Remote Command Execution attack
High
CVE-2021-39144
was published
for
com.thoughtworks.xstream:xstream
(Maven)
Aug 25, 2021
Missing Authentication for Critical Function in Foreman Ansible
High
CVE-2021-3589
was published
for
foreman_ansible
(RubyGems)
Mar 24, 2022
Missing authentication in ShenYu
High
CVE-2022-23945
was published
for
org.apache.shenyu:shenyu-common
(Maven)
Jan 28, 2022
Apollo has potential access control security issue in eureka
High
CVE-2023-25570
was published
for
com.ctrip.framework.apollo:apollo
(Maven)
Feb 22, 2023
Broken Access Control in 3rd party TYPO3 extension "femanager"
High
CVE-2023-25013
was published
for
in2code/femanager
(Composer)
Feb 2, 2023
Broken Access Control in 3rd party TYPO3 extension "femanager"
High
CVE-2023-25014
was published
for
in2code/femanager
(Composer)
Feb 2, 2023
Authentication bypass issue in the Operator Console
High
CVE-2021-41266
was published
for
github.com/minio/console
(Go)
Nov 15, 2021
Missing Authentication for Critical Function in Apache TomEE
High
CVE-2020-11969
was published
for
org.apache.tomee:tomee
(Maven)
Feb 10, 2022
Authentication bypass in Apache Hadoop
High
CVE-2018-11764
was published
for
org.apache.hadoop:hadoop-main
(Maven)
Feb 10, 2022
ProTip!
Advisories are also available from the
GraphQL API