GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

17 advisories

codechecker vulnerable to authentication bypass when using specifically crafted URLs Critical
CVE-2024-10081 was published for codechecker (pip) Nov 6, 2024
Discookie dkrupp
svix vulnerable to Authentication Bypass Moderate
CVE-2024-21491 was published for svix (Rust) Feb 13, 2024
Keycloak secondary factor bypass in step-up authentication Moderate
CVE-2023-3597 was published for org.keycloak:keycloak-services (Maven) Apr 17, 2024
sschu jbman
Docker Authentication Bypass High
CVE-2018-12608 was published for github.com/docker/docker (Go) Jan 31, 2024
neersighted
Silverpeas authentication bypass Critical
CVE-2024-36042 was published for org.silverpeas.core:silverpeas-core (Maven) Jun 3, 2024
ZDI-CAN-23894: Parse Server literalizeRegexPart SQL Injection Authentication Bypass Vulnerability Critical
CVE-2024-39309 was published for parse-server (npm) Jul 1, 2024
mtrezza
Firefly III has a MFA bypass in oauth flow Moderate
CVE-2024-37893 was published for grumpydictator/firefly-iii (Composer) Jun 17, 2024
Skelmis
kube-apiserver authentication bypass vulnerability High
CVE-2023-1260 was published for github.com/openshift/apiserver-library-go (Go) Sep 24, 2023
Authentication Bypass Using an Alternate Path or Channel in Apache Tomcat Critical
CVE-2016-5018 was published for org.apache.tomcat.embed:tomcat-embed-jasper (Maven) May 13, 2022
sunSUNQ westonsteimel
Authentication bypass in SilverStripe GraphQL Moderate
CVE-2020-26136 was published for silverstripe/graphql (Composer) Jun 10, 2021
G-Rath
Moodle Authentication Bypass in Question-Bank Moderate
CVE-2012-2356 was published for moodle/moodle (Composer) May 13, 2022
Devise Gem for Ruby Unauthorized Access Using "Remember Me" Cookie High
CVE-2015-8314 was published for devise (RubyGems) Jan 26, 2023
Authentication Bypass Using an Alternate Path or Channel in SpringSource Spring Security and Acegi Security Moderate
CVE-2010-3700 was published for org.acegisecurity:acegi-security (Maven) May 14, 2022
westonsteimel
Access Control Bypass Moderate
CVE-2018-20321 was published for github.com/rancher/rancher (Go) Jun 23, 2021
XWiki Platform Web Templates vulnerable to Unauthorized User Registration Through the Distribution Wizard High
CVE-2022-36093 was published for org.xwiki.platform:xwiki-platform-web (Maven) Sep 16, 2022
Internal NCryptDecrypt method could be used externally from WindowsHello library. Moderate
CVE-2020-11005 was published for HaemmerElectronics.SeppPenner.WindowsHello (NuGet) Apr 14, 2020