Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,238
Erlang
31
GitHub Actions
21
Go
2,005
Maven
5,000+
npm
3,716
NuGet
661
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+

3,572 advisories

Loading
SaltStack Salt Authentication Bypass when using the local_batch client from salt-api High
CVE-2017-5192 was published for salt (pip) May 17, 2022
pysaml2 Improper Authentication vulnerability Critical
CVE-2017-1000433 was published for pysaml2 (pip) Jul 13, 2018
tdunlap607
Logic error in authentication in proxy.py High
CVE-2021-3116 was published for proxy.py (pip) Apr 7, 2021
Improper Authentication in pyftpdlib Moderate
CVE-2007-6737 was published for pyftpdlib (pip) May 1, 2022
An authentication bypass vulnerability exists in the web component of the Motorola MR2600. An... Critical Unreviewed
CVE-2024-23629 was published Jan 26, 2024
Chameleon in Plone allows Authentication Bypass Moderate
CVE-2016-4043 was published for Plone (pip) May 17, 2022
Improper Authentication vulnerability in Microchip TimeProvider 4100 (login modules) allows... High Unreviewed
CVE-2024-43685 was published Oct 4, 2024
Rancher does not automatically clean up a user deleted or disabled from the configured Authentication Provider High
CVE-2023-22650 was published for github.com/rancher/rancher (Go) Jun 17, 2024
Improper Authentication vulnerability in Apache Solr Critical
CVE-2024-45216 was published for org.apache.solr:solr (Maven) Oct 16, 2024
The Ultimate Membership Pro plugin for WordPress is vulnerable to Authentication Bypass in... Critical Unreviewed
CVE-2020-36832 was published Oct 16, 2024
Improper authentication in Microsoft Dataverse allows an authorized attacker to elevate... High Unreviewed
CVE-2024-38139 was published Oct 16, 2024
An issue was discovered in the auth component in Dovecot 2.2 and 2.3 before 2.3.20. When two... High Unreviewed
CVE-2022-30550 was published Jul 18, 2022
Matrix JavaScript SDK's key history sharing could share keys to malicious devices High
CVE-2024-47080 was published for matrix-js-sdk (npm) Oct 15, 2024
dkasak
Improper Authentication in Apache Spark Critical
CVE-2020-9480 was published for org.apache.spark:spark-parent_2.11 (Maven) Feb 10, 2022
Improper Authentication in pip High
CVE-2013-5123 was published for pip (pip) May 24, 2022
Apache Submarine Commons Utils has a hard-coded secret Moderate
CVE-2024-36264 was published for apache-submarine (Maven) Jun 12, 2024
Issue summary: The AES-SIV cipher implementation contains a bug that causes it to ignore empty... Moderate Unreviewed
CVE-2023-2975 was published Jul 14, 2023
Hitron Technologies CODA-5310 Telnet function with the default account and password, and there is... Critical Unreviewed
CVE-2023-30603 was published Jul 6, 2023
The login REST API in ProLion CryptoSpike 3.0.15P2 (when LDAP or Active Directory is used as the... Critical Unreviewed
CVE-2023-36655 was published Dec 6, 2023
Affected versions of Atlassian Jira Server and Data Center allow users who have watched an issue... Moderate Unreviewed
CVE-2021-39119 was published May 24, 2022
Improper authentication in zenml Low
CVE-2024-2213 was published for zenml (pip) Jun 6, 2024
Sensitive data can be extracted from HID iCLASS SE reader configuration cards. This could... Moderate Unreviewed
CVE-2024-23806 was published Feb 7, 2024
The authentication mechanism can be bypassed by overflowing the value of the Cookie ... Critical Unreviewed
CVE-2023-49262 was published Jan 12, 2024
Improper Authentication vulnerability in Apereo CAS in jakarta.servlet.http.HttpServletRequest... Critical Unreviewed
CVE-2023-4612 was published Nov 9, 2023
Permission control vulnerability in the audio module. Successful exploitation of this... High Unreviewed
CVE-2023-39380 was published Aug 13, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database