GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

48 advisories

pgjdbc Client Allows Fallback to Insecure Authentication Despite channelBinding=require Configuration High
CVE-2025-49146 was published for org.postgresql:postgresql (Maven) Jun 11, 2025
Credited to jawj
Jenkins WSO2 Oauth Plugin Fails to Properly Authenticate User Credentials High
CVE-2025-47889 was published for org.jenkins-ci.plugins:wso2id-oauth (Maven) May 14, 2025
Liferay Portal and Liferay DXP Fails to Invalidate CAPTCHA Answers After Use High
CVE-2021-29047 was published for com.liferay.portal:release.dxp.bom (Maven) May 24, 2022
Spring Security Does Not Enforce Password Length High
CVE-2025-22228 was published for org.springframework.security:spring-security-crypto (Maven) Mar 20, 2025
Apache Ozone: Improper authentication when generating S3 secrets High
CVE-2024-45106 was published for org.apache.ozone:ozone (Maven) Dec 3, 2024
CrateDB authentication bypass vulnerability High
CVE-2023-51982 was published for io.crate:crate (Maven) Jan 30, 2024
Credited to Tu0Laj1 and proddata
Erroneous authentication pass in Spring Security High
CVE-2024-22257 was published for org.springframework.security:spring-security-core (Maven) Mar 18, 2024
SaToken authentication bypass vulnerability High
CVE-2023-43961 was published for cn.dev33:sa-token-core (Maven) Oct 25, 2023
Apache ActiveMQ Deserialization of Untrusted Data vulnerability High
CVE-2022-41678 was published for org.apache.activemq:apache-activemq (Maven) Nov 28, 2023
Credited to sunSUNQ
Improper Authentication in Jenkins High
CVE-2017-1000354 was published for org.jenkins-ci.main:jenkins-core (Maven) May 14, 2022
Improper Authentication in Pivotal Spring-LDAP High
CVE-2017-8028 was published for org.springframework.ldap:spring-ldap-core (Maven) May 13, 2022
Credited to guidobonomi
Improper Authentication in Apache ActiveMQ and Apache Artemis High
CVE-2021-26117 was published for org.apache.activemq:activemq-parent (Maven) Jun 16, 2021
Credited to sunSUNQ
Apache Tomcat Allows Remote Attackers to Spoof AJP Requests High
CVE-2011-3190 was published for org.apache.tomcat:tomcat (Maven) May 14, 2022
Credited to sunSUNQ
Missing permission checks in Jenkins Distributed Fork Plugin High
CVE-2017-2652 was published for org.jenkins-ci.plugins:distfork (Maven) May 13, 2022
Apache Pulsar WebSocket Proxy contains an Improper Authentication vulnerability High
CVE-2023-37544 was published for org.apache.pulsar:pulsar-websocket (Maven) Dec 20, 2023
Improper Authentication in Apache WSS4J High
CVE-2014-3612 was published for org.apache.activemq:activemq-broker (Maven) May 14, 2022
Credited to sunSUNQ
Authentication bypass in Apache Zeppelin High
CVE-2020-13929 was published for org.apache.zeppelin:zeppelin (Maven) Sep 7, 2021
Keycloak vulnerable to user impersonation via stolen UUID code High
CVE-2023-0264 was published for org.keycloak:keycloak-services (Maven) Mar 2, 2023
Credited to JorXi
Apache OpenMeetings Improper Authentication vulnerability High
CVE-2023-29032 was published for org.apache.openmeetings:openmeetings-parent (Maven) May 12, 2023
Withdrawn Advisory: Apache IoTDB contains Improper Authentication High
CVE-2023-24830 was published for org.apache.iotdb:iotdb-parent (Maven) Jan 30, 2023 withdrawn
Keycloak Oauth Implementation Error High
CVE-2017-12160 was published for org.keycloak:keycloak-parent (Maven) May 13, 2022
Keycloak Authentication Error High
CVE-2019-14909 was published for org.keycloak:keycloak-parent (Maven) May 24, 2022
Apache ActiveMQ Artemis vulnerable to Improper Access Control High
CVE-2021-26118 was published for org.apache.activemq:artemis-openwire-protocol (Maven) Jun 16, 2021
Use of Hard-coded Credentials in Nacos High
CVE-2021-43116 was published for com.alibaba.nacos:nacos-client (Maven) Jul 6, 2022
Keycloak allows anyone to register new security device or key for any user by using WebAuthn password-less login flow High
CVE-2021-3632 was published for org.keycloak:keycloak-core (Maven) Aug 27, 2022