Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,750
Erlang
35
GitHub Actions
29
Go
2,323
Maven
5,000+
npm
3,956
NuGet
712
pip
3,739
Pub
12
RubyGems
921
Rust
973
Swift
38
Unreviewed advisories
All unreviewed
5,000+

3,795 advisories

Loading
Disabled users able to log in with third party SSO plugin High
CVE-2017-1000489 was published for mautic/core (Composer) Jan 19, 2021
botframework-connector vulnerable to Improper Authentication Moderate
CVE-2021-1725 was published for botframework-connector (npm) Mar 8, 2021
Improper Authentication High
GHSA-qxx8-292g-2w66 was published for Microsoft.Bot.Connector (NuGet) Mar 8, 2021
botframework-connector vulnerable to Improper Authentication High
GHSA-cqff-fx2x-p86v was published for botframework-connector (pip) Mar 8, 2021
Logic error in authentication in proxy.py High
CVE-2021-3116 was published for proxy.py (pip) Apr 7, 2021
Improper Authentication in react-adal High
CVE-2020-7787 was published for react-adal (npm) Apr 13, 2021
Server session is not invalidated when logout() helper method of Authentication module is used in Vaadin 18-19 Moderate
CVE-2021-31408 was published for com.vaadin:vaadin-bom (Maven) Apr 22, 2021
Server session is not invalidated when logout() helper method of Authentication module is used in Vaadin 18-19 Moderate
GHSA-6hgr-2g6q-3rmc was published for com.vaadin:flow-client (Maven) Apr 22, 2021
tdunlap607
Authentication bypass in Apache Shiro Critical
CVE-2020-17510 was published for org.apache.shiro:shiro-spring (Maven) Apr 22, 2021
Improper Authentication in Apache Hadoop High
CVE-2018-11765 was published for org.apache.hadoop:hadoop-main (Maven) Apr 30, 2021
Authentication bypass in Apache Airflow Critical
CVE-2020-13927 was published for apache-airflow (pip) Apr 30, 2021
sunSUNQ
Authentication bypass in MAGMI Critical
CVE-2020-5777 was published for dweeves/magmi (Composer) May 6, 2021
Improper Authentication in Apache Shiro Critical
CVE-2020-11989 was published for org.apache.shiro:shiro-core (Maven) May 7, 2021
Improper Authentication in Apache Shiro Critical
CVE-2020-1957 was published for org.apache.shiro:shiro-core (Maven) May 7, 2021
Authentication bypass in Apache Shiro High
CVE-2020-13933 was published for org.apache.shiro:shiro-core (Maven) May 7, 2021
Broken Authentication in Atlassian Connect Spring Boot Moderate
CVE-2021-26074 was published for com.atlassian.connect:atlassian-connect-spring-boot-starter (Maven) May 10, 2021
Improper Authentication in Apache Traffic Control Critical
CVE-2019-12405 was published for github.com/apache/trafficcontrol (Go) May 18, 2021
Improper Authentication in InfluxDB Critical
CVE-2019-20933 was published for github.com/influxdata/influxdb (Go) May 18, 2021
Authorization bypass in github.com/dgrijalva/jwt-go High
CVE-2020-26160 was published for github.com/dgrijalva/jwt-go (Go) May 18, 2021
Token reuse in Ory fosite High
CVE-2020-15222 was published for github.com/ory/fosite (Go) May 24, 2021
MinIO Admin API security issue High Unreviewed
CVE-2020-11012 was published May 24, 2021
vadmeste aead
Kiali Authentication Bypass vulnerability Moderate
CVE-2021-20278 was published for github.com/kiali/kiali (Go) Jun 1, 2021
Authentication bypass in SilverStripe GraphQL Moderate
CVE-2020-26136 was published for silverstripe/graphql (Composer) Jun 10, 2021
G-Rath
Improper Authentication in Atlassian Connect Spring Boot High
CVE-2021-26077 was published for com.atlassian.connect:atlassian-connect-spring-boot (Maven) Jun 16, 2021
Apache ActiveMQ Artemis vulnerable to Improper Access Control High
CVE-2021-26118 was published for org.apache.activemq:artemis-openwire-protocol (Maven) Jun 16, 2021
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database