Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,757
Erlang
35
GitHub Actions
29
Go
2,327
Maven
5,000+
npm
3,960
NuGet
712
pip
3,741
Pub
12
RubyGems
921
Rust
973
Swift
38
Unreviewed advisories
All unreviewed
5,000+

146 advisories

Loading
Apache Pulsar WebSocket Proxy contains an Improper Authentication vulnerability High
CVE-2023-37544 was published for org.apache.pulsar:pulsar-websocket (Maven) Dec 20, 2023
Apache ActiveMQ Deserialization of Untrusted Data vulnerability High
CVE-2022-41678 was published for org.apache.activemq:apache-activemq (Maven) Nov 28, 2023
sunSUNQ
SaToken authentication bypass vulnerability High
CVE-2023-43961 was published for cn.dev33:sa-token-core (Maven) Oct 25, 2023
WebAuthn4J Spring Security Improper signature counter value handling Moderate
CVE-2023-45669 was published for com.webauthn4j:webauthn4j-spring-security-core (Maven) Oct 17, 2023
mbudnick
Jetty's OpenId Revoked authentication allows one request Low
CVE-2023-41900 was published for org.eclipse.jetty:jetty-openid (Maven) Sep 15, 2023
andrewmcguinness timtebeek
OpenAM vulnerable to user impersonation using SAMLv1.x SSO process Critical
CVE-2023-37471 was published for org.openidentityplatform.openam:openam-federation-library (Maven) Jul 20, 2023
atorralba sylwia-budzynska
Keycloak: Impersonation and lockout possible through incorrect handling of email trust Moderate
CVE-2023-0105 was published for org.keycloak:keycloak-core (Maven) Jul 18, 2023
Apache Pulsar Broker Improper Authentication vulnerability Moderate
CVE-2023-31007 was published for org.apache.pulsar:pulsar-broker (Maven) Jul 12, 2023
Apache Accumulo Improper Authentication vulnerability Critical
CVE-2023-34340 was published for org.apache.accumulo:accumulo-shell (Maven) Jun 21, 2023
Vert.x STOMP server process client frames that would not send initially a connect frame Moderate
CVE-2023-32081 was published for io.vertx:vertx-stomp (Maven) May 12, 2023
NavidMitchell
Apache OpenMeetings Improper Authentication vulnerability High
CVE-2023-29032 was published for org.apache.openmeetings:openmeetings-parent (Maven) May 12, 2023
Apache DolphinScheduler's python gateway suffered from improper authentication Moderate
CVE-2023-25601 was published for org.apache.dolphinscheduler:dolphinscheduler-api (Maven) Apr 20, 2023
Apache IoTDB Grafana Connector vulnerable to Improper Authentication Critical
CVE-2023-24831 was published for apache-iotdb (Maven) Apr 17, 2023
jeecg-boot vulnerable to improper authentication Critical
CVE-2023-1784 was published for org.jeecgframework.boot:jeecg-boot-parent (Maven) Mar 31, 2023
Keycloak vulnerable to user impersonation via stolen UUID code High
CVE-2023-0264 was published for org.keycloak:keycloak-services (Maven) Mar 2, 2023
JorXi
Withdrawn Advisory: Apache IoTDB contains Improper Authentication High
CVE-2023-24830 was published for org.apache.iotdb:iotdb-parent (Maven) Jan 30, 2023 withdrawn
Issue with whitespace in JWT roles in OpenSearch Moderate
CVE-2023-23612 was published for org.opensearch.plugin:opensearch-security (Maven) Jan 24, 2023
binary-1024
Duplicate Advisory: Keycloak allows impersonation and lockout due to email trust not being handled correctly Moderate
GHSA-vhvq-jh34-3fc8 was published for org.keycloak:keycloak-core (Maven) Jan 13, 2023 withdrawn
Keycloak vulnerable to session takeover with OIDC offline refreshtokens Moderate
CVE-2022-3916 was published for org.keycloak:keycloak-parent (Maven) Dec 13, 2022
Flintholm
Apache SOAP contains unauthenticated RPCRouterServlet Critical
CVE-2022-45378 was published for soap:soap (Maven) Nov 14, 2022
Lin CMS vulnerable to Improper Authentication Moderate
CVE-2022-44244 was published for Lin-CMS (Maven) Nov 10, 2022
aruneko richardfan0606
XWiki OIDC Authenticator vulnerable to bypassing OpenID login by providing a custom provider Critical
CVE-2022-39387 was published for org.xwiki.contrib.oidc:oidc-authenticator (Maven) Nov 4, 2022
Apache Shiro Authentication Bypass vulnerability Critical
CVE-2022-40664 was published for org.apache.shiro:shiro-core (Maven) Oct 12, 2022
matrix-android-sdk2 vulnerable to Olm/Megolm protocol confusion High
CVE-2022-39248 was published for org.matrix.android:matrix-android-sdk2 (Maven) Sep 30, 2022
matrix-android-sdk2 vulnerable to impersonation via forwarded Megolm sessions High
CVE-2022-39246 was published for org.matrix.android:matrix-android-sdk2 (Maven) Sep 30, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database