Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,963
Erlang
39
GitHub Actions
38
Go
2,614
Maven
5,000+
npm
4,254
NuGet
760
pip
4,031
Pub
12
RubyGems
953
Rust
1,049
Swift
45
Unreviewed advisories
All unreviewed
5,000+

67 advisories

Loading
Improper Authentication in Apache Kafka Moderate
CVE-2017-12610 was published for org.apache.kafka:kafka-clients (Maven) May 13, 2022
Improper Authentication in Apache Tomcat Moderate
CVE-2013-2067 was published for org.apache.tomcat:tomcat (Maven) May 14, 2022
Limited Authentication Bypass for Media Files Moderate
CVE-2022-29237 was published for org.opencastproject:opencast-ingest-service-impl (Maven) May 25, 2022
lkiesow
Credited to lkiesow
Improper Authentication in OpenSAML Moderate
CVE-2011-1411 was published for org.opensaml:opensaml (Maven) May 17, 2022
Improper Authentication in Apache Hadoop Moderate
CVE-2014-0229 was published for org.apache.hadoop:hadoop-common (Maven) May 17, 2022
Improper Authentication in Apache Qpid Moderate
CVE-2012-4446 was published for org.apache.qpid:qpid-client (Maven) May 17, 2022
Improper Authentication in Apache Axis2 Moderate
CVE-2012-5351 was published for org.apache.axis2:axis2 (Maven) May 13, 2022
Improper Authentication in Apache Tomcat Moderate
CVE-2012-5887 was published for org.apache.tomcat:tomcat (Maven) May 17, 2022
Improper Authentication in Jenkins Moderate
CVE-2017-2604 was published for org.jenkins-ci.main:jenkins-core (Maven) May 13, 2022
Jenkins Google Login Plugin 1.0 and 1.1 allows anonymous users to authenticate through client-side request modification Moderate
CVE-2015-5298 was published for org.jenkins-ci.plugins:google-login (Maven) Jul 8, 2022
JetBrain Ktor before 2.1.0 vulnerable to selection of wrong authentication provider Moderate
CVE-2022-38180 was published for io.ktor:ktor (Maven) Aug 13, 2022
Keycloak is vulnerable to IDN homograph attack Moderate
CVE-2021-3424 was published for org.keycloak:keycloak-services (Maven) Apr 28, 2022
Improper Authentication in Jenkins Blue Ocean Plugin Moderate
CVE-2017-1000110 was published for io.jenkins.blueocean:blueocean (Maven) May 13, 2022
Improper Authentication for Keycloak Moderate
CVE-2020-1718 was published for org.keycloak:keycloak-parent (Maven) Feb 9, 2022
Broken Authentication in Atlassian Connect Spring Boot Moderate
CVE-2021-26074 was published for com.atlassian.connect:atlassian-connect-spring-boot-starter (Maven) May 10, 2021
Server session is not invalidated when logout() helper method of Authentication module is used in Vaadin 18-19 Moderate
CVE-2021-31408 was published for com.vaadin:vaadin-bom (Maven) Apr 22, 2021
Apache OpenMeetings may allow authenticated attacker to deny service for privileged users Moderate
CVE-2018-1286 was published for org.apache.openmeetings:openmeetings-parent (Maven) May 13, 2022
Improper Authentication in Apache WSS4J Moderate
CVE-2014-3623 was published for org.apache.ws.security:wss4j (Maven) May 13, 2022
coheigea
Credited to coheigea
Authentication Bypass by Alternate Name in Apache Tomcat Moderate
CVE-2021-30640 was published for org.apache.tomcat:tomcat (Maven) Aug 13, 2021
Improper Authentication in Apache CXF Moderate
CVE-2012-2378 was published for org.apache.cxf:cxf (Maven) May 13, 2022
Lin CMS vulnerable to Improper Authentication Moderate
CVE-2022-44244 was published for Lin-CMS (Maven) Nov 10, 2022
aruneko richardfan0606
Credited to aruneko and richardfan0606
Server session is not invalidated when logout() helper method of Authentication module is used in Vaadin 18-19 Moderate
GHSA-6hgr-2g6q-3rmc was published for com.vaadin:flow-client (Maven) Apr 22, 2021
tdunlap607
Credited to tdunlap607
Authentication Bypass in Apache Tomcat Moderate
CVE-2012-3546 was published for org.apache.tomcat:tomcat (Maven) May 17, 2022
tdunlap607
Credited to tdunlap607
Duplicate Advisory: Keycloak allows impersonation and lockout due to email trust not being handled correctly Moderate
GHSA-vhvq-jh34-3fc8 was published for org.keycloak:keycloak-core (Maven) Jan 13, 2023 withdrawn
Keycloak: Impersonation and lockout possible through incorrect handling of email trust Moderate
CVE-2023-0105 was published for org.keycloak:keycloak-core (Maven) Jul 18, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database