Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,300
Erlang
31
GitHub Actions
21
Go
2,069
Maven
5,000+
npm
3,744
NuGet
668
pip
3,429
Pub
12
RubyGems
892
Rust
880
Swift
36
Unreviewed advisories
All unreviewed
5,000+

423 advisories

Loading
Infinispan Rest API Does Not Enforce Auth Constraints Moderate
CVE-2017-2638 was published for org.infinispan:infinispan-server-core (Maven) May 13, 2022
Missing permission checks in Jenkins Distributed Fork Plugin High
CVE-2017-2652 was published for org.jenkins-ci.plugins:distfork (Maven) May 13, 2022
Moodle Improper Authentication High
CVE-2018-1082 was published for moodle/moodle (Composer) May 13, 2022
Mediawiki BotPassword can bypass CentralAuth's account lock Moderate
CVE-2018-0505 was published for mediawiki/core (Composer) May 13, 2022
Improper Authentication in Apache Kafka Moderate
CVE-2017-12610 was published for org.apache.kafka:kafka-clients (Maven) May 13, 2022
Keycloak Oauth Implementation Error High
CVE-2017-12160 was published for org.keycloak:keycloak-parent (Maven) May 13, 2022
SaltStack Salt Remote command execution and incorrect access control when using salt-api Critical
CVE-2018-15751 was published for salt (pip) May 13, 2022
ThinkAdmin Administrator cookies still working after password change Critical
CVE-2019-11018 was published for zoujingli/thinkadmin (Composer) May 13, 2022
Moodle Users Can Bypass Deleted Status Moderate
CVE-2012-0797 was published for moodle/moodle (Composer) May 13, 2022
Moodle Allows Unauthenticated Dropbox Access Moderate
CVE-2012-5471 was published for moodle/moodle (Composer) May 13, 2022
Moodle Authentication Bypass in File Upload Moderate
CVE-2012-3387 was published for moodle/moodle (Composer) May 13, 2022
Moodle creates a MoodleMobile web-service token with an infinite lifetime Moderate
CVE-2014-0214 was published for moodle/moodle (Composer) May 13, 2022
MarkLee131
Improper Authentication in Pivotal Spring-LDAP High
CVE-2017-8028 was published for org.springframework.ldap:spring-ldap-core (Maven) May 13, 2022
guidobonomi
OXID eShop user impersonation vulnerability High
CVE-2015-6926 was published for oxid-esales/oxideshop-ce (Composer) May 13, 2022
Improper Authentication in Apache CXF Moderate
CVE-2012-2378 was published for org.apache.cxf:cxf (Maven) May 13, 2022
Improper Authentication in Apache CXF Critical
CVE-2012-0803 was published for org.apache.cxf:cxf (Maven) May 13, 2022
Improper Authentication in Apache CXF Moderate
CVE-2012-5633 was published for org.apache.cxf:cxf (Maven) May 13, 2022
sunSUNQ
Improper Authentication in Apache WSS4J Moderate
CVE-2014-3623 was published for org.apache.ws.security:wss4j (Maven) May 13, 2022
coheigea
Contao Does Not Expire Tokens Correctly Critical
CVE-2019-10643 was published for contao/contao (Composer) May 13, 2022
Traefik Missing Authentication High
CVE-2018-15598 was published for github.com/traefik/traefik (Go) May 13, 2022
phpMyAdmin Improper Authentication High
CVE-2018-12613 was published for phpmyadmin/phpmyadmin (Composer) May 13, 2022
Improper Authentication in Spring Security High
CVE-2014-0097 was published for org.springframework.security:spring-security-core (Maven) May 13, 2022
Improper Authentication in Apache Axis2 Moderate
CVE-2012-5351 was published for org.apache.axis2:axis2 (Maven) May 13, 2022
OpenStack Keystone allows context-dependent attackers to bypass access restrictions Moderate
CVE-2013-0282 was published for Keystone (pip) May 5, 2022
Improper Authentication in Apache CXF Moderate
CVE-2013-0239 was published for org.apache.cxf:cxf-rt-frontend-jaxrs (Maven) May 5, 2022
sunSUNQ
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database