GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
65 advisories
GramAddict bot uses dependency with reverse tcp backdoor | High | CVE-2020-36245 was published for GramAddict (pip) | May 24, 2022
Improper Authentication in FreeTAKServer | High | CVE-2022-25508 was published for FreeTAKServer (pip) | Mar 12, 2022
Lunary Improper Authentication vulnerability | Moderate | CVE-2024-6582 was published for lunary (npm) | Sep 13, 2024
Mautic has insufficient authentication in upgrade flow | High | CVE-2022-25770 was published for mautic/core (Composer) | Sep 19, 2024
Mautic has insufficient authentication in upgrade flow | High | CVE-2024-47051 was published for mautic/core (Composer) | Sep 18, 2024
Improper Authentication in Apache Airflow | Moderate | CVE-2021-26697 was published for apache-airflow (pip) | Jun 18, 2021
Missing Authorization in Apache Airflow | Moderate | CVE-2021-35936 was published for apache-airflow (pip) | Aug 30, 2021
Missing Authentication for Critical Function in Apache Airflow | Critical | CVE-2021-38540 was published for apache-airflow (pip) | May 24, 2022
Chisel's AUTH environment variable not respected in server entrypoint | High | CVE-2024-43798 was published for github.com/jpillora/chisel (Go) | Aug 27, 2024
Navidrome uses MD5 hashing algorithm | Moderate | CVE-2024-41259 was published for github.com/navidrome/navidrome (Go) | Aug 1, 2024
RPyC's missing security check results in code execution when using numpy.array on the server-side. | High | CVE-2024-27758 was published for rpyc (pip) | Mar 6, 2024
STRIMZI incorrect access control | High | CVE-2024-36543 was published for io.strimzi:strimzi (Maven) | Jun 17, 2024
Unauthenticated Access to sensitive settings in Argo CD | Moderate | CVE-2024-37152 was published for github.com/argoproj/argo-cd/v2/server (Go) | Jun 6, 2024
Openstack Aodh can be used to launder Keystone trusts | High | CVE-2017-12440 was published for aodh (pip) | May 13, 2022
Apache Pulsar: Improper Authentication for Pulsar Proxy Statistics Endpoint | High | CVE-2022-34321 was published for org.apache.pulsar:pulsar-proxy (Maven) | Mar 12, 2024
TeamPass files are available without authentication | High | CVE-2020-12478 was published for nilsteampassnet/teampass (Composer) | May 24, 2022
SaltStack Salt Unauthenticated Remote Code Execution | Critical | CVE-2020-11651 was published for salt (pip) | May 24, 2022
Jupyter Server Proxy's Websocket Proxying does not require authentication | Critical | CVE-2024-28179 was published for jupyter-server-proxy (pip) | Mar 20, 2024
Improper Authentication in Apache ActiveMQ | Moderate | CVE-2020-13920 was published for org.apache.activemq:activemq-parent (Maven) | Feb 9, 2022
Missing Authentication for Critical Function in Apache Cassandra | Critical | CVE-2018-8016 was published for org.apache.cassandra:cassandra-all (Maven) | May 13, 2022
Etcd Gateway TLS authentication only applies to endpoints detected in DNS SRV records | Moderate | CVE-2020-15136 was published for go.etcd.io/etcd (Go) | Jan 31, 2024
Lack of authentication mechanism in Jenkins Git Plugin webhook | Moderate | CVE-2022-36884 was published for org.jenkins-ci.plugins:git (Maven) | Jul 28, 2022
Improper Input Validation and Missing Authentication for Critical Function in Apache ActiveMQ | Moderate | CVE-2015-7559 was published for org.apache.activemq:activemq-client (Maven) | Aug 1, 2019