GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

26 advisories

The Admin UI in Apache Ranger before 0.5.1 does not properly handle authentication requests that lack a password (Critical)
CVE-2016-0733 was published for org.apache.ranger:ranger (Maven) Oct 17, 2018
Apache Shiro vulnerable to a specially crafted HTTP request causing an authentication bypass (Critical)
CVE-2021-41303 was published for org.apache.shiro:shiro-core (Maven) Sep 20, 2021
Apache Shiro Authentication Bypass vulnerability (Critical)
CVE-2022-40664 was published for org.apache.shiro:shiro-core (Maven) Oct 12, 2022
XWiki OIDC Authenticator vulnerable to bypassing OpenID login by providing a custom provider (Critical)
CVE-2022-39387 was published for org.xwiki.contrib.oidc:oidc-authenticator (Maven) Nov 4, 2022
Authentication bypass in Apache Shiro (Critical)
CVE-2020-17523 was published for org.apache.shiro:shiro-spring (Maven) Feb 9, 2022
Improper Authentication in Apache Shiro (Critical)
CVE-2020-1957 was published for org.apache.shiro:shiro-core (Maven) May 7, 2021
Improper Authentication in Apache Shiro (Critical)
CVE-2020-11989 was published for org.apache.shiro:shiro-core (Maven) May 7, 2021
Authentication bypass in Apache Shiro (Critical)
CVE-2020-17510 was published for org.apache.shiro:shiro-spring (Maven) Apr 22, 2021
AMQP 0-8, 0-9, 0-91, and 0-10 connection handling in Apache Qpid Java before 6.0.3 might allow remote attackers to bypass authentication (Critical)
CVE-2016-4432 was published for org.apache.qpid:qpid-broker-plugins-amqp-0-8-protocol (Maven) Oct 16, 2018
Remote code execution in net.mingsoft:ms-mcms (Critical)
CVE-2021-46384 was published for net.mingsoft:ms-mcms (Maven) Mar 5, 2022
Improper Authentication in Apache CXF (Critical)
CVE-2012-0803 was published for org.apache.cxf:cxf (Maven) May 13, 2022
Incorrect access control in Neo4j Enterprise Database Server via LDAP authentication (Critical)
CVE-2018-18389 was published for org.neo4j:neo4j-enterprise (Maven) Oct 17, 2018
tdunlap607
jeecg-boot vulnerable to improper authentication (Critical)
CVE-2023-1784 was published for org.jeecgframework.boot:jeecg-boot-parent (Maven) Mar 31, 2023
Apache SOAP contains unauthenticated RPCRouterServlet (Critical)
CVE-2022-45378 was published for soap:soap (Maven) Nov 14, 2022
Improper Authentication in Apache ShenYu Admin (Critical)
CVE-2021-37580 was published for org.apache.shenyu:shenyu-admin (Maven) Nov 17, 2021
intrigus-lgtm
OpenAM vulnerable to user impersonation using SAMLv1.x SSO process (Critical)
CVE-2023-37471 was published for org.openidentityplatform.openam:openam-federation-library (Maven) Jul 20, 2023
atorralba sylwia-budzynska
Improper Authentication in Jenkins Active Directory Plugin (Critical)
CVE-2020-2299 was published for org.jenkins-ci.plugins:active-directory (Maven) May 24, 2022
westonsteimel
Authentication cache in Active Directory Jenkins Plugin allows logging in with any password (Critical)
CVE-2020-2301 was published for org.jenkins-ci.plugins:active-directory (Maven) May 24, 2022
westonsteimel NotMyFault
Improper Authentication (empty password) in Jenkins Active Directory Plugin (Critical)
CVE-2020-2300 was published for org.jenkins-ci.plugins:active-directory (Maven) May 24, 2022
westonsteimel NotMyFault
Authorization Bypass in Spring Security (Critical)
CVE-2014-3527 was published for org.springframework.security:spring-security-core (Maven) Sep 15, 2020
MarkLee131
Apache IoTDB Grafana Connector vulnerable to Improper Authentication (Critical)
CVE-2023-24831 was published for apache-iotdb (Maven) Apr 17, 2023
Jenkins OpenId Connect Authentication Plugin lacks audience claim validation (Critical)
CVE-2024-47806 was published for org.jenkins-ci.plugins:oic-auth (Maven) Oct 2, 2024
Jenkins OpenId Connect Authentication Plugin lacks issuer claim validation (Critical)
CVE-2024-47807 was published for org.jenkins-ci.plugins:oic-auth (Maven) Oct 2, 2024
Apache Accumulo Improper Authentication vulnerability (Critical)
CVE-2023-34340 was published for org.apache.accumulo:accumulo-shell (Maven) Jun 21, 2023
Improper Authentication in Apache Spark (Critical)
CVE-2020-9480 was published for org.apache.spark:spark-parent_2.11 (Maven) Feb 10, 2022