GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

1,412 advisories

Argo CD Insecure default administrative password High
CVE-2020-8828 was published for github.com/argoproj/argo-cd (Go) Jul 26, 2021
Auto-merging Person Records Compromised High
CVE-2021-32691 was published for @apollosproject/data-connector-rock (npm) Jun 21, 2021
Improper Authentication in Apache ActiveMQ and Apache Artemis High
CVE-2021-26117 was published for org.apache.activemq:activemq-parent (Maven) Jun 16, 2021
Apache ActiveMQ Artemis vulnerable to Improper Access Control High
CVE-2021-26118 was published for org.apache.activemq:artemis-openwire-protocol (Maven) Jun 16, 2021
Improper Authentication in Atlassian Connect Spring Boot High
CVE-2021-26077 was published for com.atlassian.connect:atlassian-connect-spring-boot (Maven) Jun 16, 2021
MinIO Admin API security issue High Unreviewed
CVE-2020-11012 was published May 24, 2021
Token reuse in Ory fosite High
CVE-2020-15222 was published for github.com/ory/fosite (Go) May 24, 2021
Authorization bypass in github.com/dgrijalva/jwt-go High
CVE-2020-26160 was published for github.com/dgrijalva/jwt-go (Go) May 18, 2021
Authentication bypass in Apache Shiro High
CVE-2020-13933 was published for org.apache.shiro:shiro-core (Maven) May 7, 2021
Improper Authentication in Apache Hadoop High
CVE-2018-11765 was published for org.apache.hadoop:hadoop-main (Maven) Apr 30, 2021
Improper Authentication in react-adal High
CVE-2020-7787 was published for react-adal (npm) Apr 13, 2021
Logic error in authentication in proxy.py High
CVE-2021-3116 was published for proxy.py (pip) Apr 7, 2021
botframework-connector vulnerable to Improper Authentication High
GHSA-cqff-fx2x-p86v was published for botframework-connector (pip) Mar 8, 2021
Improper Authentication High
GHSA-qxx8-292g-2w66 was published for Microsoft.Bot.Connector (NuGet) Mar 8, 2021
Disabled users able to log in with third party SSO plugin High
CVE-2017-1000489 was published for mautic/core (Composer) Jan 19, 2021
Regression in JWT Signature Validation High
CVE-2020-15240 was published for omniauth-auth0 (RubyGems) Nov 3, 2020
xml-crypto's HMAC-SHA1 signatures can bypass validation via key confusion High
GHSA-c27r-x354-4m68 was published for xml-crypto (npm) Oct 27, 2020
Ensure that doorkeeper_token is valid when authenticating requests in API v2 calls High
CVE-2020-15269 was published for spree (RubyGems) Oct 20, 2020
Authentication Bypass in otpauth High
GHSA-rmmc-8cqj-hfp3 was published for otpauth (npm) Sep 3, 2020
Authentication and extension bypass in Faye High
CVE-2020-11020 was published for faye (RubyGems) Apr 29, 2020
Incorrect Account Used for Signing High
GHSA-vg44-fw64-cpjx was published for @metamask/eth-ledger-bridge-keyring (npm) Mar 24, 2020
Improper authentication in Symfony High
CVE-2019-10911 was published for symfony/security (Composer) Feb 12, 2020
JSON-jwt Gem lacked element count during splitting of JWE string High
CVE-2019-18848 was published for json-jwt (RubyGems) Nov 14, 2019
Improper Authentication in Auth0.AuthenticationApi High
CVE-2019-16929 was published for Auth0.AuthenticationApi (NuGet) Oct 24, 2019
OmniAuth-SAML authentication bypass via incorrect XML canonicalization and DOM traversal High
CVE-2017-11430 was published for omniauth-saml (RubyGems) Jul 5, 2019
ProTip! Advisories are also available from the GraphQL API