GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,133
Erlang
29
GitHub Actions
19
Go
1,939
Maven
5,000+
npm
3,677
NuGet
643
pip
3,295
Pub
11
RubyGems
877
Rust
830
Swift
35
Unreviewed advisories
All unreviewed
5,000+
405 advisories
Filter by severity
Rancher generated tokens not revoked after modifications made to authentication provider
High
GHSA-c45c-39f6-6gw9
was published
for
github.com/rancher/rancher
(Go)
Jan 25, 2023
Issue with whitespace in JWT roles in OpenSearch
Moderate
CVE-2023-23612
was published
for
org.opensearch:opensearch-security
(Maven)
Jan 24, 2023
phpMyFAQ Improper Authentication vulnerability
Critical
CVE-2023-0311
was published
for
thorsten/phpmyfaq
(Composer)
Jan 16, 2023
Duplicate Advisory: Keycloak allows impersonation and lockout due to email trust not being handled correctly
Moderate
GHSA-vhvq-jh34-3fc8
was published
for
org.keycloak:keycloak-core
(Maven)
Jan 13, 2023
•
withdrawn
mellium.im/sasl authentication failure due to insufficient nonce randomness
Critical
CVE-2022-48195
was published
for
mellium.im/sasl
(Go)
Dec 31, 2022
usememos/memos Improper Authentication vulnerability
Moderate
CVE-2022-4799
was published
for
github.com/usememos/memos
(Go)
Dec 28, 2022
golang-nanoauth authentication bypass vulnerability
Critical
CVE-2020-36569
was published
for
github.com/nanobox-io/golang-nanoauth
(Go)
Dec 28, 2022
rdiffweb vulnerable to Authentication Bypass by Primary Weakness
High
CVE-2022-4722
was published
for
rdiffweb
(pip)
Dec 27, 2022
CodeIgniter4 Potential Session Handlers Vulnerability
High
CVE-2022-46170
was published
for
codeigniter4/framework
(Composer)
Dec 22, 2022
jsonwebtoken's insecure implementation of key retrieval function could lead to Forgeable Public/Private Tokens from RSA to HMAC
Moderate
CVE-2022-23541
was published
for
jsonwebtoken
(npm)
Dec 22, 2022
jsonwebtoken vulnerable to signature validation bypass due to insecure default algorithm in jwt.verify()
Moderate
CVE-2022-23540
was published
for
jsonwebtoken
(npm)
Dec 22, 2022
kyverno verifyImages rule bypass possible with malicious proxy/registry
High
CVE-2022-47633
was published
for
github.com/kyverno/kyverno
(Go)
Dec 21, 2022
Keycloak vulnerable to session takeover with OIDC offline refreshtokens
Moderate
CVE-2022-3916
was published
for
org.keycloak:keycloak-parent
(Maven)
Dec 13, 2022
Authentication Bypass for passport-wsfed-saml2
Moderate
CVE-2022-23505
was published
for
passport-wsfed-saml2
(npm)
Dec 13, 2022
TYPO3 CMS vulnerable to Weak Authentication in Frontend Login
Moderate
CVE-2022-23501
was published
for
typo3/cms
(Composer)
Dec 13, 2022
Prometheus Exporter-Toolkit is vulnerable to authentication bypass
Moderate
CVE-2022-46146
was published
for
github.com/prometheus/exporter-toolkit
(Go)
Dec 2, 2022
crewjam/saml vulnerable to signature bypass via multiple Assertion elements due to improper authentication
Critical
CVE-2022-41912
was published
for
github.com/crewjam/saml
(Go)
Nov 29, 2022
KubeView vulnerable to full cluster takeover due to improper authentication
Critical
CVE-2022-45933
was published
for
github.com/benc-uk/kubeview
(Go)
Nov 27, 2022
CKAN contains Improper Authentication leading to account takeover
High
CVE-2022-43685
was published
for
ckan
(pip)
Nov 22, 2022
Concrete CMS vulnerable to Improper Authentication
Moderate
CVE-2022-43690
was published
for
concrete5/concrete5
(Composer)
Nov 15, 2022
Apache SOAP contains unauthenticated RPCRouterServlet
Critical
CVE-2022-45378
was published
for
soap:soap
(Maven)
Nov 14, 2022
Lin CMS vulnerable to Improper Authentication
Moderate
CVE-2022-44244
was published
for
Lin-CMS
(Maven)
Nov 10, 2022
XWiki OIDC Authenticator vulnerable to bypassing OpenID login by providing a custom provider
Critical
CVE-2022-39387
was published
for
org.xwiki.contrib.oidc:oidc-authenticator
(Maven)
Nov 4, 2022
Shinken Solutions Shinken Monitoring vulnerable to Incorrect Access Control
Critical
CVE-2022-37298
was published
for
Shinken
(pip)
Oct 20, 2022
Bifrost vulnerable to authentication check flaw that leads to authentication bypass
High
CVE-2022-39267
was published
for
github.com/brokercap/Bifrost
(Go)
Oct 18, 2022
ProTip!
Advisories are also available from the
GraphQL API