GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
20
Go
2,000
Maven
5,000+
npm
3,711
NuGet
661
pip
3,383
Pub
11
RubyGems
885
Rust
849
Swift
36
Unreviewed advisories
All unreviewed
5,000+
28 advisories
Filter by severity
Apache Hive before 3.1.3 `CREATE` and `DROP` function operations do not check for necessary authorization.
High
CVE-2021-34538
was published
for
org.apache.hive:hive
(Maven)
Jul 17, 2022
Missing Authentication for Critical Function in Apache NiFi
High
CVE-2020-9487
was published
for
org.apache.nifi:nifi
(Maven)
Jan 6, 2022
Authentication bypass for specific endpoint
High
CVE-2021-29442
was published
for
com.alibaba.nacos:nacos-common
(Maven)
Apr 27, 2021
Authentication bypass in Apache Hadoop
High
CVE-2018-11764
was published
for
org.apache.hadoop:hadoop-main
(Maven)
Feb 10, 2022
Missing Authentication for Critical Function in Apache TomEE
High
CVE-2020-11969
was published
for
org.apache.tomee:tomee
(Maven)
Feb 10, 2022
Authentication bypass issue in the Operator Console
High
CVE-2021-41266
was published
for
github.com/minio/console
(Go)
Nov 15, 2021
Broken Access Control in 3rd party TYPO3 extension "femanager"
High
CVE-2023-25014
was published
for
in2code/femanager
(Composer)
Feb 2, 2023
Broken Access Control in 3rd party TYPO3 extension "femanager"
High
CVE-2023-25013
was published
for
in2code/femanager
(Composer)
Feb 2, 2023
Apollo has potential access control security issue in eureka
High
CVE-2023-25570
was published
for
com.ctrip.framework.apollo:apollo
(Maven)
Feb 22, 2023
Missing authentication in ShenYu
High
CVE-2022-23945
was published
for
org.apache.shenyu:shenyu-common
(Maven)
Jan 28, 2022
Missing Authentication for Critical Function in Foreman Ansible
High
CVE-2021-3589
was published
for
foreman_ansible
(RubyGems)
Mar 24, 2022
XStream is vulnerable to a Remote Command Execution attack
High
CVE-2021-39144
was published
for
com.thoughtworks.xstream:xstream
(Maven)
Aug 25, 2021
Dapr Dashboard vulnerable to Incorrect Access Control
High
CVE-2022-38817
was published
for
github.com/dapr/dashboard
(Go)
Oct 4, 2022
Microweber Discloses Sensitive Information
High
CVE-2020-13405
was published
for
microweber/microweber
(Composer)
May 24, 2022
Answer Missing Authentication for Critical Function
High
CVE-2023-4815
was published
for
github.com/answerdev/answer
(Go)
Sep 7, 2023
TeamPass files are available without authentication
High
CVE-2020-12478
was published
for
nilsteampassnet/teampass
(Composer)
May 24, 2022
Apache Pulsar: Improper Authentication for Pulsar Proxy Statistics Endpoint
High
CVE-2022-34321
was published
for
org.apache.pulsar:pulsar-proxy
(Maven)
Mar 12, 2024
Openstack Aodh can be used to launder Keystone trusts
High
CVE-2017-12440
was published
for
aodh
(pip)
May 13, 2022
STRIMZI incorrect access control
High
CVE-2024-36543
was published
for
io.strimzi:strimzi
(Maven)
Jun 17, 2024
RPyC's missing security check results in code execution when using numpy.array on the server-side.
High
CVE-2024-27758
was published
for
rpyc
(pip)
Mar 6, 2024
Chisel's AUTH environment variable not respected in server entrypoint
High
CVE-2024-43798
was published
for
github.com/jpillora/chisel
(Go)
Aug 27, 2024
Mautic has insufficient authentication in upgrade flow
High
CVE-2022-25770
was published
for
mautic/core
(Composer)
Sep 19, 2024
Improper Authentication in FreeTAKServer
High
CVE-2022-25508
was published
for
FreeTAKServer
(pip)
Mar 12, 2022
GramAddict bot uses dependency with reverse tcp backdoor
High
CVE-2020-36245
was published
for
GramAddict
(pip)
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API