GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
20
Go
2,000
Maven
5,000+
npm
3,711
NuGet
661
pip
3,383
Pub
11
RubyGems
885
Rust
849
Swift
36
Unreviewed advisories
All unreviewed
5,000+
17 advisories
Filter by severity
Authentication Bypass For Endpoints With Anonymous Access in Opencast
Critical
CVE-2020-5206
was published
for
org.opencastproject:opencast-kernel
(Maven)
Jan 30, 2020
Improper Authorization in react-oauth-flow
Critical
GHSA-65m9-m259-7jqw
was published
for
react-oauth-flow
(npm)
Sep 3, 2020
Improper Authorization in passport-cognito
Critical
CVE-2019-19723
was published
for
passport-cognito
(npm)
Sep 4, 2020
Improper Authorization and Origin Validation Error in OneFuzz
Critical
CVE-2021-37705
was published
for
onefuzz
(pip)
Aug 13, 2021
Deno's static imports inside dynamically imported modules do not adhere to permission checks
Critical
CVE-2021-32619
was published
for
deno
(Rust)
Sep 23, 2021
Authorization bypass in Openshift
Critical
CVE-2016-1906
was published
for
github.com/openshift/origin
(Go)
Dec 20, 2021
Authorization bypass in Spring Security
Critical
CVE-2022-22978
was published
for
org.springframework.security:spring-security-core
(Maven)
May 20, 2022
Obsidian does not require user confirmation for non-http/https URLs.
Critical
CVE-2021-38148
was published
for
obsidian
(npm)
May 24, 2022
Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins
Critical
CVE-2021-21693
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 24, 2022
Improper Authorization in Apache Shiro
Critical
CVE-2022-32532
was published
for
org.apache.shiro:shiro-core
(Maven)
Jun 30, 2022
Field-level access-control bypass for multiselect field
Critical
CVE-2022-39322
was published
for
@keystone-6/core
(npm)
Oct 18, 2022
Improper Authorization in modoboa
Critical
CVE-2023-2227
was published
for
modoboa
(pip)
Apr 21, 2023
Pomerium vulnerable to Incorrect Authorization with specially crafted requests
Critical
CVE-2023-33189
was published
for
github.com/pomerium/pomerium
(Go)
May 26, 2023
Pixelfed doesn't check OAuth Scopes in API routes, giving elevated permissions
Critical
CVE-2024-25108
was published
for
pixelfed/pixelfed
(Composer)
Feb 12, 2024
lunary-ai/lunary allows users unauthorized access to projects
Critical
CVE-2024-4146
was published
for
lunary
(npm)
Jun 8, 2024
•
withdrawn
GoAuthentik vulnerable to Insufficient Authorization for several API endpoints
Critical
CVE-2024-42490
was published
for
goauthentik.io
(Go)
Aug 22, 2024
Spring Security vulnerable to Authorization Bypass of Static Resources in WebFlux Applications
Critical
CVE-2024-38821
was published
for
org.springframework.security:spring-security-web
(Maven)
Oct 28, 2024
ProTip!
Advisories are also available from the
GraphQL API