GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,133
Erlang
29
GitHub Actions
19
Go
1,939
Maven
5,000+
npm
3,677
NuGet
643
pip
3,295
Pub
11
RubyGems
877
Rust
830
Swift
35
Unreviewed advisories
All unreviewed
5,000+
153 advisories
Filter by severity
Rancher does not automatically clean up a user deleted or disabled from the configured Authentication Provider
High
CVE-2023-22650
was published
for
github.com/rancher/rancher
(Go)
Jun 17, 2024
Matrix JavaScript SDK's key history sharing could share keys to malicious devices
High
CVE-2024-47080
was published
for
matrix-js-sdk
(npm)
Oct 15, 2024
PAM module may allow accessing with the credentials of another user
High
CVE-2024-9313
was published
for
github.com/ubuntu/authd
(Go)
Oct 3, 2024
furlongm openvpn-monitor allows Authorization Bypass to disconnect arbitrary clients
High
CVE-2021-31606
was published
for
openvpn-monitor
(pip)
May 24, 2022
Improper Authentication in FreeTAKServer
High
CVE-2022-25508
was published
for
FreeTAKServer
(pip)
Mar 12, 2022
Improper Authentication in Flask-AppBuilder
High
CVE-2021-41265
was published
for
Flask-AppBuilder
(pip)
Dec 9, 2021
Potential bypass of an upstream access control based on URL paths in Django
High
CVE-2021-44420
was published
for
Django
(pip)
Dec 9, 2021
Mautic vulnerable to Improper Access Control in UI upgrade process
High
CVE-2022-25768
was published
for
mautic/core
(Composer)
Sep 18, 2024
Improper Authentication in django-mfa3
High
CVE-2022-24857
was published
for
django-mfa3
(pip)
Apr 22, 2022
HashiCorp Vault Authentication bypass
High
CVE-2020-16251
was published
for
github.com/hashicorp/vault
(Go)
Jan 31, 2024
CrateDB authentication bypass vulnerability
High
CVE-2023-51982
was published
for
crate
(Maven)
Jan 30, 2024
botframework-connector vulnerable to Improper Authentication
High
GHSA-cqff-fx2x-p86v
was published
for
botframework-connector
(pip)
Mar 8, 2021
SaToken authentication bypass vulnerability
High
CVE-2023-43961
was published
for
cn.dev33:sa-token-core
(Maven)
Oct 25, 2023
CKAN contains Improper Authentication leading to account takeover
High
CVE-2022-43685
was published
for
ckan
(pip)
Nov 22, 2022
Flowise Authentication Bypass vulnerability
High
CVE-2024-8181
was published
for
flowise
(npm)
Aug 27, 2024
Argo CD Insecure default administrative password
High
CVE-2020-8828
was published
for
github.com/argoproj/argo-cd
(Go)
Jul 26, 2021
Magento Open Source Improper Authentication vulnerability
High
CVE-2024-34103
was published
for
magento/community-edition
(Composer)
Jun 13, 2024
RobotsAndPencils go-saml authentication bypass vulnerability
High
CVE-2023-48703
was published
for
github.com/RobotsAndPencils/go-saml
(Go)
Aug 5, 2024
EverShop vulnerable to improper authorization in GraphQL endpoints
High
CVE-2023-46942
was published
for
@evershop/evershop
(npm)
Jan 13, 2024
ZendOpenID potential security issue in login mechanism
High
GHSA-3x57-m5p4-rgh4
was published
for
zendframework/zendopenid
(Composer)
Jun 7, 2024
Zendframework potential security issue in login mechanism
High
GHSA-9v78-h226-2rmq
was published
for
zendframework/zendframework1
(Composer)
Jun 7, 2024
TYPO3 Security Misconfiguration for Backend User Accounts
High
GHSA-c5mj-39cf-3pp5
was published
for
typo3/cms
(Composer)
Jun 7, 2024
Apache ActiveMQ Deserialization of Untrusted Data vulnerability
High
CVE-2022-41678
was published
for
org.apache.activemq:apache-activemq
(Maven)
Nov 28, 2023
ProTip!
Advisories are also available from the
GraphQL API