GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,238
Erlang
31
GitHub Actions
21
Go
2,005
Maven
5,000+
npm
3,716
NuGet
661
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
17 advisories
Filter by severity
Internal NCryptDecrypt method could be used externally from WindowsHello library.
Moderate
CVE-2020-11005
was published
for
HaemmerElectronics.SeppPenner.WindowsHello
(NuGet)
Apr 14, 2020
XWiki Platform Web Templates vulnerable to Unauthorized User Registration Through the Distribution Wizard
High
CVE-2022-36093
was published
for
org.xwiki.platform:xwiki-platform-web
(Maven)
Sep 16, 2022
Access Control Bypass
Moderate
CVE-2018-20321
was published
for
github.com/rancher/rancher
(Go)
Jun 23, 2021
Authentication Bypass Using an Alternate Path or Channel in SpringSource Spring Security and Acegi Security
Moderate
CVE-2010-3700
was published
for
org.acegisecurity:acegi-security
(Maven)
May 14, 2022
Authentication Bypass Using an Alternate Path or Channel and Authentication Bypass by Primary Weakness in rucio-webui
High
GHSA-v988-828w-xvf2
was published
for
rucio-webui
(pip)
Oct 22, 2021
Devise Gem for Ruby Unauthorized Access Using "Remember Me" Cookie
High
CVE-2015-8314
was published
for
devise
(RubyGems)
Jan 26, 2023
Moodle Authentication Bypass in Question-Bank
Moderate
CVE-2012-2356
was published
for
moodle/moodle
(Composer)
May 13, 2022
Authentication bypass in SilverStripe GraphQL
Moderate
CVE-2020-26136
was published
for
silverstripe/graphql
(Composer)
Jun 10, 2021
Authentication Bypass Using an Alternate Path or Channel in Apache Tomcat
Critical
CVE-2016-5018
was published
for
org.apache.tomcat.embed:tomcat-embed-jasper
(Maven)
May 13, 2022
kube-apiserver authentication bypass vulnerability
High
CVE-2023-1260
was published
for
github.com/openshift/apiserver-library-go
(Go)
Sep 24, 2023
Firefly III has a MFA bypass in oauth flow
Moderate
CVE-2024-37893
was published
for
grumpydictator/firefly-iii
(Composer)
Jun 17, 2024
ZDI-CAN-23894: Parse Server literalizeRegexPart SQL Injection Authentication Bypass Vulnerability
Critical
CVE-2024-39309
was published
for
parse-server
(npm)
Jul 1, 2024
Silverpeas authentication bypass
Critical
CVE-2024-36042
was published
for
org.silverpeas.core:silverpeas-core
(Maven)
Jun 3, 2024
Docker Authentication Bypass
High
CVE-2018-12608
was published
for
github.com/docker/docker
(Go)
Jan 31, 2024
Keycloak secondary factor bypass in step-up authentication
Moderate
CVE-2023-3597
was published
for
org.keycloak:keycloak-services
(Maven)
Apr 17, 2024
svix vulnerable to Authentication Bypass
Moderate
CVE-2024-21491
was published
for
svix
(Rust)
Feb 13, 2024
codechecker vulnerable to authentication bypass when using specifically crafted URLs
Critical
CVE-2024-10081
was published
for
codechecker
(pip)
Nov 6, 2024
ProTip!
Advisories are also available from the
GraphQL API