GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,941
Erlang
29
GitHub Actions
16
Go
1,722
Maven
4,952
npm
3,481
NuGet
605
pip
3,049
Pub
10
RubyGems
832
Rust
778
Swift
34
Unreviewed advisories
All unreviewed
5,000+
1,130 advisories
Filter by severity
Affected versions of Atlassian Jira Server and Data Center allow authenticated remote attackers...
Moderate
Unreviewed
CVE-2021-43946
was published
Jan 6, 2022
Trendnet AC2600 TEW-827DRU version 2.08B01 improperly discloses information via redirection from...
Moderate
Unreviewed
CVE-2021-20150
was published
Dec 31, 2021
Sysaid API User Enumeration - Attacker sending requests to specific api path without any...
Moderate
Unreviewed
CVE-2021-36721
was published
Dec 15, 2021
In Cibele Thinfinity VirtualUI before 3.0, /changePassword returns different responses for...
Moderate
Unreviewed
CVE-2021-44848
was published
Dec 14, 2021
Lack of an access control check in the External Status Check feature allowed any authenticated...
Moderate
Unreviewed
CVE-2021-39916
was published
Dec 14, 2021
Affected versions of Atlassian Jira Server and Data Center allow a user who has had their Jira...
Moderate
Unreviewed
CVE-2021-41309
was published
Dec 9, 2021
IBM QRadar SIEM 7.3 and 7.4 could allow an attacker to obtain sensitive information due to the...
Moderate
Unreviewed
CVE-2021-29779
was published
Dec 2, 2021
A vulnerability in the web application of Cisco Common Services Platform Collector (CSPC) could...
Moderate
Unreviewed
CVE-2021-40130
was published
Nov 20, 2021
Improper Access Control in passport-oauth2
Moderate
CVE-2021-41580
was published
for
passport-oauth2
(npm)
Sep 29, 2021
parse-server new anonymous user session acts as if it's created with password
Moderate
CVE-2021-39138
was published
for
parse-server
(npm)
Aug 23, 2021
Authentication Bypass by Alternate Name in Apache Tomcat
Moderate
CVE-2021-30640
was published
for
org.apache.tomcat:tomcat
(Maven)
Aug 13, 2021
Utils.readChallengeTx does not verify the server account signature
Moderate
CVE-2021-32738
was published
for
stellar-sdk
(npm)
Jul 2, 2021
Authentication granted to all firewalls instead of just one
Moderate
CVE-2021-32693
was published
for
symfony/security-http
(Composer)
Jun 21, 2021
Improper Authentication in Apache Airflow
Moderate
CVE-2021-26697
was published
for
apache-airflow
(pip)
Jun 18, 2021
Authentication bypass in SilverStripe GraphQL
Moderate
CVE-2020-26136
was published
for
silverstripe/graphql
(Composer)
Jun 10, 2021
Kiali Authentication Bypass vulnerability
Moderate
CVE-2021-20278
was published
for
github.com/kiali/kiali
(Go)
Jun 1, 2021
Broken Authentication in Atlassian Connect Spring Boot
Moderate
CVE-2021-26074
was published
for
com.atlassian.connect:atlassian-connect-spring-boot-starter
(Maven)
May 10, 2021
Server session is not invalidated when logout() helper method of Authentication module is used in Vaadin 18-19
Moderate
GHSA-6hgr-2g6q-3rmc
was published
for
com.vaadin:flow-client
(Maven)
Apr 22, 2021
Server session is not invalidated when logout() helper method of Authentication module is used in Vaadin 18-19
Moderate
CVE-2021-31408
was published
for
com.vaadin:vaadin-bom
(Maven)
Apr 22, 2021
botframework-connector vulnerable to Improper Authentication
Moderate
CVE-2021-1725
was published
for
botframework-connector
(npm)
Mar 8, 2021
Lack of URL normalization may lead to authorization bypass when URL access rules are used
Moderate
CVE-2020-24660
was published
for
lemonldap-ng-handler
(npm)
Sep 9, 2020
Authentication Bypass in saml2-js
Moderate
GHSA-mfcp-34xw-p57x
was published
for
saml2-js
(npm)
Sep 3, 2020
Validation Bypass in paypal-ipn
Moderate
CVE-2014-10067
was published
for
paypal-ipn
(npm)
Aug 31, 2020
Validation bypass is possible in Json Pattern Validator
Moderate
CVE-2019-19507
was published
for
jpv
(npm)
Dec 4, 2019
Authentication bypass via incorrect XML canonicalization and DOM traversal in saml2-js
Moderate
CVE-2017-11429
was published
for
saml2-js
(npm)
Jul 5, 2019
ProTip!
Advisories are also available from the
GraphQL API