GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,941
Erlang
29
GitHub Actions
16
Go
1,722
Maven
4,952
npm
3,481
NuGet
605
pip
3,049
Pub
10
RubyGems
832
Rust
778
Swift
34
Unreviewed advisories
All unreviewed
5,000+
1,130 advisories
Filter by severity
Unauthenticated Access to sensitive settings in Argo CD
Moderate
CVE-2024-37152
was published
for
github.com/argoproj/argo-cd/v2/server
(Go)
Jun 6, 2024
Improper Authentication in CraftCMS two factor authentication plugin
Moderate
CVE-2024-5658
was published
for
born05/craft-twofactorauthentication
(Composer)
Jun 6, 2024
Authentication Bypass in TYPO3 CMS
Moderate
GHSA-6xh8-8pfv-53vx
was published
for
typo3/cms
(Composer)
Jun 5, 2024
Improper Authentication vulnerability in Pluggabl LLC Booster Elite for WooCommerce allows...
Moderate
Unreviewed
CVE-2023-51511
was published
Jun 4, 2024
Improper Authentication vulnerability in WPMU DEV Defender Security allows Accessing...
Moderate
Unreviewed
CVE-2023-47189
was published
Jun 4, 2024
Improper Authentication vulnerability in Pluggabl LLC Booster for WooCommerce allows Accessing...
Moderate
Unreviewed
CVE-2023-48747
was published
Jun 4, 2024
Symfony may allow a user to switch to using another user's identity
Moderate
GHSA-7mx2-7q8p-pgmw
was published
for
symfony/symfony
(Composer)
May 30, 2024
silverstripe/framework ChangePasswordForm does not check `Member::canLogIn()`
Moderate
GHSA-p5h2-vr99-xm99
was published
for
silverstripe/framework
(Composer)
May 27, 2024
jupyter-scheduler's endpoint is missing authentication
Moderate
CVE-2024-28188
was published
for
jupyter-scheduler
(pip)
May 23, 2024
Mediawiki BotPassword can bypass CentralAuth's account lock
Moderate
CVE-2018-0505
was published
for
mediawiki/core
(Composer)
May 13, 2022
Magento Broken authentication and session managememt
Moderate
CVE-2019-8108
was published
for
magento/community-edition
(Composer)
May 24, 2022
Grafana when using email as a username can block other users from signing in
Moderate
CVE-2022-39229
was published
for
github.com/grafana/grafana
(Go)
May 14, 2024
OpenStack Identity (Keystone) improper revoking of the authentication token when deleting a user
Moderate
CVE-2013-2059
was published
for
keystone
(pip)
May 17, 2022
OpenStack Keystone allows context-dependent attackers to bypass access restrictions
Moderate
CVE-2013-0282
was published
for
Keystone
(pip)
May 5, 2022
An incorrect authentication vulnerability has been found in Socomec Net Vision affecting version...
Moderate
Unreviewed
CVE-2024-4601
was published
May 7, 2024
UltraLog Express device management interface does not properly perform access authentication in...
Moderate
Unreviewed
CVE-2020-3920
was published
May 24, 2022
A flaw was found in shadow-utils. When asking for a new password, shadow-utils asks the password...
Moderate
Unreviewed
CVE-2023-4641
was published
Dec 27, 2023
PwnDoc through 0.5.3 might allow remote attackers to identify valid user account names by...
Moderate
Unreviewed
CVE-2022-44022
was published
Oct 30, 2022
Salt has insufficient argument validation in several modules
Moderate
CVE-2013-4435
was published
for
salt
(pip)
May 17, 2022
Salt Insecure configuration of PAM external authentication service
Moderate
CVE-2016-3176
was published
for
salt
(pip)
May 17, 2022
ZITADEL's Improper Lockout Mechanism Leads to MFA Bypass
Moderate
CVE-2024-32868
was published
for
github.com/zitadel/zitadel
(Go)
Apr 25, 2024
Keycloak vulnerable to session hijacking via re-authentication
Moderate
CVE-2023-6787
was published
for
org.keycloak:keycloak-services
(Maven)
Apr 17, 2024
TYPO3 Improper Session Invalidation
Moderate
CVE-2014-3944
was published
for
typo3/cms
(Composer)
May 17, 2022
Keycloak secondary factor bypass in step-up authentication
Moderate
CVE-2023-3597
was published
for
org.keycloak:keycloak-services
(Maven)
Apr 17, 2024
An issue has been discovered in GitLab CE/EE affecting all versions before 16.9.6, all versions...
Moderate
Unreviewed
CVE-2024-1347
was published
Apr 25, 2024
ProTip!
Advisories are also available from the
GraphQL API