GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,262
Erlang
31
GitHub Actions
21
Go
2,030
Maven
5,000+
npm
3,732
NuGet
662
pip
3,409
Pub
12
RubyGems
891
Rust
865
Swift
36
Unreviewed advisories
All unreviewed
5,000+
22 advisories
Filter by severity
Missing permission check in Jenkins Script Security Plugin
Moderate
CVE-2024-52549
was published
for
org.jenkins-ci.plugins:script-security
(Maven)
Nov 13, 2024
Improper Authentication in Apache Spark
Critical
CVE-2020-9480
was published
for
org.apache.spark:spark-parent_2.11
(Maven)
Feb 10, 2022
STRIMZI incorrect access control
High
CVE-2024-36543
was published
for
io.strimzi:strimzi
(Maven)
Jun 17, 2024
Apache Pulsar: Improper Authentication for Pulsar Proxy Statistics Endpoint
High
CVE-2022-34321
was published
for
org.apache.pulsar:pulsar-proxy
(Maven)
Mar 12, 2024
Improper Authentication in Apache ActiveMQ
Moderate
CVE-2020-13920
was published
for
org.apache.activemq:activemq-parent
(Maven)
Feb 9, 2022
Missing Authentication for Critical Function in Apache Cassandra
Critical
CVE-2018-8016
was published
for
org.apache.cassandra:cassandra-all
(Maven)
May 13, 2022
Lack of authentication mechanism in Jenkins Git Plugin webhook
Moderate
CVE-2022-36884
was published
for
org.jenkins-ci.plugins:git
(Maven)
Jul 28, 2022
Improper Input Validation and Missing Authentication for Critical Function in Apache ActiveMQ
Moderate
CVE-2015-7559
was published
for
org.apache.activemq:activemq-client
(Maven)
Aug 1, 2019
Keycloak Missing authentication for critical function
Moderate
CVE-2021-20262
was published
for
org.keycloak:keycloak-core
(Maven)
Mar 12, 2021
Unauthenticated user can list hidden document from multiple velocity templates in XWiki
Moderate
CVE-2022-24820
was published
for
org.xwiki.platform:xwiki-platform-web
(Maven)
Apr 8, 2022
Apache SOAP contains unauthenticated RPCRouterServlet
Critical
CVE-2022-45378
was published
for
soap:soap
(Maven)
Nov 14, 2022
XStream is vulnerable to a Remote Command Execution attack
High
CVE-2021-39144
was published
for
com.thoughtworks.xstream:xstream
(Maven)
Aug 25, 2021
Missing authentication in ShenYu
Critical
CVE-2022-23944
was published
for
org.apache.shenyu:shenyu-common
(Maven)
Jan 28, 2022
Apache OpenMeetings missing authentication and can allow user impersonation
Critical
CVE-2023-28326
was published
for
org.apache.openmeetings:openmeetings-parent
(Maven)
Mar 28, 2023
Missing authentication in ShenYu
High
CVE-2022-23945
was published
for
org.apache.shenyu:shenyu-common
(Maven)
Jan 28, 2022
Apollo has potential access control security issue in eureka
High
CVE-2023-25570
was published
for
com.ctrip.framework.apollo:apollo
(Maven)
Feb 22, 2023
Missing Authentication for Critical Function in Apache TomEE
High
CVE-2020-11969
was published
for
org.apache.tomee:tomee
(Maven)
Feb 10, 2022
Authentication bypass in Apache Hadoop
High
CVE-2018-11764
was published
for
org.apache.hadoop:hadoop-main
(Maven)
Feb 10, 2022
Authentication bypass for specific endpoint
High
CVE-2021-29442
was published
for
com.alibaba.nacos:nacos-common
(Maven)
Apr 27, 2021
Remote code execution in Apache TomEE
Critical
CVE-2020-13931
was published
for
org.apache.tomee:apache-tomee
(Maven)
Feb 9, 2022
Missing Authentication for Critical Function in Apache NiFi
High
CVE-2020-9487
was published
for
org.apache.nifi:nifi
(Maven)
Jan 6, 2022
Apache Hive before 3.1.3 `CREATE` and `DROP` function operations do not check for necessary authorization.
High
CVE-2021-34538
was published
for
org.apache.hive:hive
(Maven)
Jul 17, 2022
ProTip!
Advisories are also available from the
GraphQL API