Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,752
Maven
4,982
npm
3,516
NuGet
609
pip
3,090
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+

382 advisories

Loading
TYPO3 extension femanager Broken Access Control vulnerability Moderate
CVE-2023-45023 was published for in2code/femanager (Composer) Oct 4, 2023
asyncua Improper Authentication vulnerability High
CVE-2023-26150 was published for asyncua (pip) Oct 3, 2023
Soft Serve Public Key Authentication Bypass Vulnerability when Keyboard-Interactive SSH Authentication is Enabled High
CVE-2023-43809 was published for github.com/charmbracelet/soft-serve (Go) Oct 2, 2023
JJGadgets
Jetty's OpenId Revoked authentication allows one request Low
CVE-2023-41900 was published for org.eclipse.jetty:jetty-openid (Maven) Sep 15, 2023
andrewmcguinness
Sentry vulnerable to incorrect credential validation on OAuth token requests Moderate
CVE-2023-39531 was published for sentry (pip) Aug 9, 2023
EricHasegawa
matrix-appservice-bridge doesn't verify the sub parameter of an openId token exhange, allowing unauthorized access to provisioning APIs Moderate
CVE-2023-38691 was published for matrix-appservice-bridge (npm) Aug 4, 2023
Dapr API token authentication bypass in HTTP endpoints Moderate
CVE-2023-37918 was published for github.com/dapr/dapr (Go) Jul 21, 2023
ItalyPaleAle
OpenAM vulnerable to user impersonation using SAMLv1.x SSO process Critical
CVE-2023-37471 was published for org.openidentityplatform.openam:openam-federation-library (Maven) Jul 20, 2023
atorralba sylwia-budzynska
Keycloak: Impersonation and lockout possible through incorrect handling of email trust Moderate
CVE-2023-0105 was published for org.keycloak:keycloak-core (Maven) Jul 18, 2023
CasaOS contains weak JWT secrets Critical
CVE-2023-37266 was published for github.com/IceWhaleTech/CasaOS (Go) Jul 17, 2023
thomas-chauchefoin-sonarsource
Apache Pulsar Broker Improper Authentication vulnerability Moderate
CVE-2023-31007 was published for org.apache.pulsar:pulsar-broker (Maven) Jul 12, 2023
Sealos billing system permission control defect High
CVE-2023-36815 was published for github.com/labring/sealos (Go) Jun 30, 2023
DVKunion
Improper configuration of RBAC permissions obtaining cluster control permissions Critical
CVE-2023-33190 was published for github.com/labring/sealos (Go) Jun 30, 2023
DVKunion
Apache Accumulo Improper Authentication vulnerability Critical
CVE-2023-34340 was published for org.apache.accumulo:accumulo-shell (Maven) Jun 21, 2023
Doorkeeper Improper Authentication vulnerability Moderate
CVE-2023-34246 was published for doorkeeper (RubyGems) Jun 12, 2023
hickford rgammans
adam-h nbudin nbulaj
Synapse has improper checks for deactivated users during login Moderate
CVE-2023-32682 was published for matrix-synapse (pip) Jun 6, 2023
Vert.x STOMP server process client frames that would not send initially a connect frame Moderate
CVE-2023-32081 was published for io.vertx:vertx-stomp (Maven) May 12, 2023
NavidMitchell
Apache OpenMeetings Improper Authentication vulnerability High
CVE-2023-29032 was published for org.apache.openmeetings:openmeetings-parent (Maven) May 12, 2023
Concrete CMS (previously concrete5) is vulnerable to possible auth bypass in the jobs section Critical
CVE-2023-28473 was published for concrete5/concrete5 (Composer) Apr 28, 2023
MarkLee131
Apache DolphinScheduler's python gateway suffered from improper authentication Moderate
CVE-2023-25601 was published for org.apache.dolphinscheduler:dolphinscheduler-api (Maven) Apr 20, 2023
Apache IoTDB Grafana Connector vulnerable to Improper Authentication Critical
CVE-2023-24831 was published for org.apache.iotdb:iotdb-grafana-connector (Maven) Apr 17, 2023
Etcd-io Improper Authentication vulnerability Critical
CVE-2021-28235 was published for go.etcd.io/etcd/v3 (Go) Apr 4, 2023
jeecg-boot vulnerable to improper authentication Critical
CVE-2023-1784 was published for org.jeecgframework.boot:jeecg-boot-parent (Maven) Mar 31, 2023
Ansible Semaphore mishandles authentication Critical
CVE-2023-28609 was published for github.com/ansible-semaphore/semaphore (Go) Mar 18, 2023
Full authentication bypass if SASL authorization username is specified Critical
CVE-2023-27582 was published for github.com/foxcpp/maddy (Go) Mar 14, 2023
ProTip! Advisories are also available from the GraphQL API