GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 20,027
Composer 4,062
Erlang 29
GitHub Actions 19
Go 1,889
Maven 5,089
npm 3,622
NuGet 638
pip 3,233
Pub 10
RubyGems 857
Rust 818
Swift 35

Unreviewed advisories

All unreviewed 228,114

CC-BY-4.0 License

Language support

Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

45 advisories

Filter by severity

Sort by

Least recently updated

Improper Authorization in Apache Shiro Critical

CVE-2022-32532 was published for org.apache.shiro:shiro-core (Maven) Jun 30, 2022

Incorrect Authorization in Puppet Enterprise Pipeline Jenkins Plugin Critical

CVE-2019-10458 was published for org.jenkins-ci.plugins.workflow:puppet-enterprise-pipeline (Maven) May 24, 2022

Improper Authorization and Origin Validation Error in OneFuzz Critical

CVE-2021-37705 was published for onefuzz (pip) Aug 13, 2021

Field-level access-control bypass for multiselect field Critical

CVE-2022-39322 was published for @keystone-6/core (npm) Oct 18, 2022

Deno's static imports inside dynamically imported modules do not adhere to permission checks Critical

CVE-2021-32619 was published for deno (Rust) Sep 23, 2021

NextAuth.js before 4.10.3 and 3.29.10 sending verification requests (magic link) to unwanted emails Critical

CVE-2022-35924 was published for next-auth (npm) Aug 2, 2022

Spring Security authorization rules can be bypassed via forward or include dispatcher types Critical

CVE-2022-31692 was published for org.springframework.security:spring-security-core (Maven) Nov 1, 2022

Potential session hijack in Apache CXF Critical

CVE-2019-12419 was published for org.apache.cxf:cxf (Maven) Nov 8, 2019

Incorrect Authorization in Apache Solr Critical

CVE-2021-29943 was published for org.apache.solr:solr-parent (Maven) May 10, 2021

Incorrect Authorization in Apache Ozone Critical

CVE-2021-39233 was published for org.apache.ozone:ozone-main (Maven) Nov 23, 2021

Improper Access Control in Webauthn Framework Critical

CVE-2021-38299 was published for web-auth/webauthn-framework (Composer) Sep 29, 2021

Incorrect Authorization in latte/latte Critical

CVE-2021-23803 was published for latte/latte (Composer) Jan 6, 2022

Pebble Templates protection mechanism bypass can lead to arbitrary code execution Critical

CVE-2022-37767 was published for io.pebbletemplates:pebble (Maven) Sep 13, 2022

Exposure of Private Personal Information to an Unauthorized Actor in alextselegidis/easyappointments Critical

CVE-2022-0482 was published for alextselegidis/easyappointments (Composer) Mar 10, 2022

Access Control vulnerability within CoreNLP Critical

CVE-2021-44550 was published for edu.stanford.nlp:stanford-corenlp (Maven) Feb 25, 2022

JWT audience claim is not verified Critical

CVE-2023-22482 was published for github.com/argoproj/argo-cd (Go) Jan 25, 2023

Incorrect Authorization in Apache Solr Critical

CVE-2020-13957 was published for org.apache.solr:solr-parent (Maven) Feb 10, 2022

Users with any cluster secret update access may update out-of-bounds cluster secrets Critical

CVE-2023-23947 was published for github.com/argoproj/argo-cd (Go) Feb 16, 2023

Privilege escalation in MOSN Critical

CVE-2021-32163 was published for mosn.io/mosn (Go) Feb 17, 2023

Dompdf vulnerable to URI validation failure on SVG parsing Critical

CVE-2023-23924 was published for dompdf/dompdf (Composer) Feb 1, 2023

Multiple vulnerabilities in extension "Newsletter subscriber management" (fp_newsletter) Critical

CVE-2022-47408 was published for fixpunkt/fp-newsletter (Composer) Dec 14, 2022

Keycloak vulnerable to privilege escalation on Token Exchange feature Critical

CVE-2022-1245 was published for org.keycloak:keycloak-services (Maven) Apr 26, 2022

Sandbox bypass leading to arbitrary code execution in Deno Critical

CVE-2022-24783 was published for deno (Rust) Mar 29, 2022

Incorrect Authorization in Jenkins Kubernetes :: Pipeline :: Kubernetes Steps Plugin Critical

CVE-2019-10417 was published for io.fabric8.pipeline:kubernetes-pipeline-steps (Maven) May 24, 2022

Duplicate Advisory: Incorrect Authorization in Gerapy Critical

CVE-2021-44597 was published for gerapy (pip) Mar 11, 2022 • withdrawn

Previous 1 2 Next

ProTip! Advisories are also available from the GraphQL API

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

45 advisories