Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

28 advisories

Loading
Withdrawn Advisory: Lunary Improper Authentication vulnerability High
CVE-2024-6582 was published for lunary (npm) Sep 13, 2024 withdrawn
vincelwt
Rancher does not automatically clean up a user deleted or disabled from the configured Authentication Provider High
CVE-2023-22650 was published for github.com/rancher/rancher (Go) Jun 17, 2024
Mage-ai missing user authentication High
CVE-2023-31143 was published for mage-ai (pip) May 5, 2023
GramAddict bot uses dependency with reverse tcp backdoor High
CVE-2020-36245 was published for GramAddict (pip) May 24, 2022
Improper Authentication in FreeTAKServer High
CVE-2022-25508 was published for FreeTAKServer (pip) Mar 12, 2022
Basic auth bypass in esphome High
CVE-2021-41104 was published for esphome (pip) Sep 29, 2021
andir
Mautic has insufficient authentication in upgrade flow High
CVE-2022-25770 was published for mautic/core (Composer) Sep 19, 2024
Chisel's AUTH environment variable not respected in server entrypoint High
CVE-2024-43798 was published for github.com/jpillora/chisel (Go) Aug 27, 2024
lleyton korewaChino
jpillora
STRIMZI incorrect access control High
CVE-2024-36543 was published for io.strimzi:strimzi (Maven) Jun 17, 2024
Openstack Aodh can be used to launder Keystone trusts High
CVE-2017-12440 was published for aodh (pip) May 13, 2022
Apache Pulsar: Improper Authentication for Pulsar Proxy Statistics Endpoint High
CVE-2022-34321 was published for org.apache.pulsar:pulsar-proxy (Maven) Mar 12, 2024
oscerd
TeamPass files are available without authentication High
CVE-2020-12478 was published for nilsteampassnet/teampass (Composer) May 24, 2022
Answer Missing Authentication for Critical Function High
CVE-2023-4815 was published for github.com/answerdev/answer (Go) Sep 7, 2023
Microweber Discloses Sensitive Information High
CVE-2020-13405 was published for microweber/microweber (Composer) May 24, 2022
Dapr Dashboard vulnerable to Incorrect Access Control High
CVE-2022-38817 was published for github.com/dapr/dashboard (Go) Oct 4, 2022
XStream is vulnerable to a Remote Command Execution attack High
CVE-2021-39144 was published for com.thoughtworks.xstream:xstream (Maven) Aug 25, 2021
Missing Authentication for Critical Function in Foreman Ansible High
CVE-2021-3589 was published for foreman_ansible (RubyGems) Mar 24, 2022
Missing authentication in ShenYu High
CVE-2022-23945 was published for org.apache.shenyu:shenyu-common (Maven) Jan 28, 2022
tdunlap607
Apollo has potential access control security issue in eureka High
CVE-2023-25570 was published for com.ctrip.framework.apollo:apollo (Maven) Feb 22, 2023
Broken Access Control in 3rd party TYPO3 extension "femanager" High
CVE-2023-25013 was published for in2code/femanager (Composer) Feb 2, 2023
ohader
Broken Access Control in 3rd party TYPO3 extension "femanager" High
CVE-2023-25014 was published for in2code/femanager (Composer) Feb 2, 2023
ohader
Authentication bypass issue in the Operator Console High
CVE-2021-41266 was published for github.com/minio/console (Go) Nov 15, 2021
Alevsk
Missing Authentication for Critical Function in Apache TomEE High
CVE-2020-11969 was published for org.apache.tomee:tomee (Maven) Feb 10, 2022
Authentication bypass in Apache Hadoop High
CVE-2018-11764 was published for org.apache.hadoop:hadoop-main (Maven) Feb 10, 2022
ProTip! Advisories are also available from the GraphQL API