GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

405 advisories

Rancher generated tokens not revoked after modifications made to authentication provider High
GHSA-c45c-39f6-6gw9 was published for github.com/rancher/rancher (Go) Jan 25, 2023
Issue with whitespace in JWT roles in OpenSearch Moderate
CVE-2023-23612 was published for org.opensearch:opensearch-security (Maven) Jan 24, 2023
phpMyFAQ Improper Authentication vulnerability Critical
CVE-2023-0311 was published for thorsten/phpmyfaq (Composer) Jan 16, 2023
Duplicate Advisory: Keycloak allows impersonation and lockout due to email trust not being handled correctly Moderate
GHSA-vhvq-jh34-3fc8 was published for org.keycloak:keycloak-core (Maven) Jan 13, 2023 withdrawn
mellium.im/sasl authentication failure due to insufficient nonce randomness Critical
CVE-2022-48195 was published for mellium.im/sasl (Go) Dec 31, 2022
usememos/memos Improper Authentication vulnerability Moderate
CVE-2022-4799 was published for github.com/usememos/memos (Go) Dec 28, 2022
golang-nanoauth authentication bypass vulnerability Critical
CVE-2020-36569 was published for github.com/nanobox-io/golang-nanoauth (Go) Dec 28, 2022
rdiffweb vulnerable to Authentication Bypass by Primary Weakness High
CVE-2022-4722 was published for rdiffweb (pip) Dec 27, 2022
CodeIgniter4 Potential Session Handlers Vulnerability High
CVE-2022-46170 was published for codeigniter4/framework (Composer) Dec 22, 2022
jsonwebtoken vulnerable to signature validation bypass due to insecure default algorithm in jwt.verify() Moderate
CVE-2022-23540 was published for jsonwebtoken (npm) Dec 22, 2022
kyverno verifyImages rule bypass possible with malicious proxy/registry High
CVE-2022-47633 was published for github.com/kyverno/kyverno (Go) Dec 21, 2022
Keycloak vulnerable to session takeover with OIDC offline refresh tokens Moderate
CVE-2022-3916 was published for org.keycloak:keycloak-parent (Maven) Dec 13, 2022
Authentication Bypass for passport-wsfed-saml2 Moderate
CVE-2022-23505 was published for passport-wsfed-saml2 (npm) Dec 13, 2022
TYPO3 CMS vulnerable to Weak Authentication in Frontend Login Moderate
CVE-2022-23501 was published for typo3/cms (Composer) Dec 13, 2022
Prometheus Exporter-Toolkit is vulnerable to authentication bypass Moderate
CVE-2022-46146 was published for github.com/prometheus/exporter-toolkit (Go) Dec 2, 2022
crewjam/saml vulnerable to signature bypass via multiple Assertion elements due to improper authentication Critical
CVE-2022-41912 was published for github.com/crewjam/saml (Go) Nov 29, 2022
KubeView vulnerable to full cluster takeover due to improper authentication Critical
CVE-2022-45933 was published for github.com/benc-uk/kubeview (Go) Nov 27, 2022
CKAN contains Improper Authentication leading to account takeover High
CVE-2022-43685 was published for ckan (pip) Nov 22, 2022
Concrete CMS vulnerable to Improper Authentication Moderate
CVE-2022-43690 was published for concrete5/concrete5 (Composer) Nov 15, 2022
Apache SOAP contains unauthenticated RPCRouterServlet Critical
CVE-2022-45378 was published for soap:soap (Maven) Nov 14, 2022
Lin CMS vulnerable to Improper Authentication Moderate
CVE-2022-44244 was published for Lin-CMS (Maven) Nov 10, 2022
XWiki OIDC Authenticator vulnerable to bypassing OpenID login by providing a custom provider Critical
CVE-2022-39387 was published for org.xwiki.contrib.oidc:oidc-authenticator (Maven) Nov 4, 2022
Shinken Solutions Shinken Monitoring vulnerable to Incorrect Access Control Critical
CVE-2022-37298 was published for Shinken (pip) Oct 20, 2022
Bifrost vulnerable to authentication check flaw that leads to authentication bypass High
CVE-2022-39267 was published for github.com/brokercap/Bifrost (Go) Oct 18, 2022