Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,810
Erlang
36
GitHub Actions
31
Go
2,396
Maven
5,000+
npm
4,030
NuGet
721
pip
3,820
Pub
12
RubyGems
932
Rust
988
Swift
38
Unreviewed advisories
All unreviewed
5,000+

172 advisories

Loading
Snipe-IT vulnerable to Improper Authentication Moderate
CVE-2022-3173 was published for snipe/snipe-it (Composer) Sep 18, 2022
TYPO3 CMS missing check for expiration time of password reset token for backend users Moderate
CVE-2022-36106 was published for typo3/cms (Composer) Sep 16, 2022
infabo
JetBrain Ktor before 2.1.0 vulnerable to selection of wrong authentication provider Moderate
CVE-2022-38180 was published for io.ktor:ktor (Maven) Aug 13, 2022
Jenkins Google Login Plugin 1.0 and 1.1 allows anonymous users to authenticate through client-side request modification Moderate
CVE-2015-5298 was published for org.jenkins-ci.plugins:google-login (Maven) Jul 8, 2022
Unpublished, protected files can be published via shortcode Moderate
CVE-2022-29858 was published for silverstripe/assets (Composer) Jun 29, 2022
Limited Authentication Bypass for Media Files Moderate
CVE-2022-29237 was published for org.opencastproject:opencast-ingest-service-impl (Maven) May 25, 2022
lkiesow
Keycloak discloses information without authentication Moderate
CVE-2020-27838 was published for org.keycloak:keycloak-core (Maven) May 24, 2022
Magento Broken authentication and session managememt Moderate
CVE-2019-8108 was published for magento/community-edition (Composer) May 24, 2022
Improper Authentication in pyftpdlib Moderate
CVE-2008-7263 was published for pyftpdlib (pip) May 17, 2022
Improper Authentication in Apache MyFaces Moderate
CVE-2010-2057 was published for org.apache.myfaces.core:myfaces-impl (Maven) May 17, 2022
Symfony Allows URI Restrictions Bypass Via Double-Encoded String Moderate
CVE-2012-6431 was published for symfony/http-foundation (Composer) May 17, 2022
Apache Axis2 Vulnerable to XML Signature wrapping attack Moderate
CVE-2012-4418 was published for org.apache.axis2:axis2 (Maven) May 17, 2022
Improper Authentication in Apache Qpid Moderate
CVE-2012-4446 was published for org.apache.qpid:qpid-client (Maven) May 17, 2022
Improper Authentication in OpenSAML Moderate
CVE-2011-1411 was published for org.opensaml:opensaml (Maven) May 17, 2022
OpenStack Keystone Improper Authentication vulnerability Moderate
CVE-2013-1865 was published for keystone (pip) May 17, 2022
TYPO3 Improper Session Invalidation Moderate
CVE-2014-3944 was published for typo3/cms (Composer) May 17, 2022
OpenStack Neutron Improper Authentication vulnerability Moderate
CVE-2014-0056 was published for neutron (pip) May 17, 2022
TYPO3 powermail extension allows remote attackers to bypass CAPTCHA protection mechanism Moderate
CVE-2014-6288 was published for in2code/powermail (Composer) May 17, 2022
Jenkins does not invalidate the API token when a user is deleted Moderate
CVE-2014-2062 was published for org.jenkins-ci.main:jenkins-core (Maven) May 17, 2022
sunSUNQ
Jenkins session fixation vulnerability Moderate
CVE-2014-2066 was published for org.jenkins-ci.main:jenkins-core (Maven) May 17, 2022
sunSUNQ
Jenkins does not Restrict Reserved Names Allowing for Privilege Escalation Moderate
CVE-2015-1810 was published for org.jenkins-ci.main:jenkins-core (Maven) May 17, 2022
Improper Authentication in Apache ActiveMQ Moderate
CVE-2013-3060 was published for org.apache.activemq:activemq-client (Maven) May 17, 2022
sunSUNQ
Salt Insecure configuration of PAM external authentication service Moderate
CVE-2016-3176 was published for salt (pip) May 17, 2022
Chameleon in Plone allows Authentication Bypass Moderate
CVE-2016-4043 was published for Plone (pip) May 17, 2022
Apache Hadoop allows impersonation of arbitrary cluster user accounts Moderate
CVE-2012-1574 was published for org.apache.hadoop:hadoop-main (Maven) May 17, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database