GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,224
Erlang
31
GitHub Actions
19
Go
1,990
Maven
5,000+
npm
3,706
NuGet
661
pip
3,336
Pub
11
RubyGems
884
Rust
845
Swift
36
Unreviewed advisories
All unreviewed
5,000+
42 advisories
Filter by severity
Mellium allows Authentication Bypass by Spoofing
Critical
CVE-2024-46957
was published
for
mellium.im/xmpp
(Go)
Sep 25, 2024
CoreDNS Cache Poisoning via a birthday attack
Low
CVE-2023-30464
was published
for
github.com/coredns/coredns
(Go)
Sep 18, 2024
Apache SeaTunnel Web Authentication vulnerability
High
CVE-2023-48396
was published
for
org.apache.seatunnel:seatunnel-web
(Maven)
Jul 30, 2024
Grafana Escalation from admin to server admin when auth proxy is used
Moderate
CVE-2022-35957
was published
for
github.com/grafana/grafana
(Go)
May 14, 2024
OctoPrint has an Authentication Bypass via X-Forwarded-For Header when autologinLocal is enabled
High
CVE-2024-32977
was published
for
OctoPrint
(pip)
May 14, 2024
Jenkins Script Security Plugin sandbox bypass vulnerability
High
CVE-2024-34145
was published
for
org.jenkins-ci.plugins:script-security
(Maven)
May 2, 2024
Apache HugeGraph-Server: Bypass whitelist in Auth mode
High
CVE-2024-27349
was published
for
org.apache.hugegraph:hugegraph-api
(Maven)
Apr 22, 2024
Keycloak vulnerable to impersonation via logout token exchange
Low
CVE-2023-0657
was published
for
org.keycloak:keycloak-services
(Maven)
Apr 17, 2024
Apache Zeppelin: Replacing other users notebook, bypassing any permissions
Moderate
CVE-2024-31863
was published
for
org.apache.zeppelin:zeppelin-server
(Maven)
Apr 9, 2024
Ollama DNS rebinding vulnerability
High
CVE-2024-28224
was published
for
github.com/ollama/ollama
(Go)
Apr 8, 2024
SMTP smuggling in Apache James
High
CVE-2023-51747
was published
for
org.apache.james:james-server
(Maven)
Feb 27, 2024
Authentication Bypass by Spoofing in github.com/greenpau/caddy-security
Moderate
CVE-2024-21494
was published
for
github.com/greenpau/caddy-security
(Go)
Feb 17, 2024
Header spoofing in caddy-geo-ip
Moderate
CVE-2023-50463
was published
for
github.com/shift72/caddy-geo-ip
(Go)
Dec 11, 2023
pretix potential IP address spoofing vulnerability
Moderate
CVE-2023-44463
was published
for
pretix
(pip)
Oct 2, 2023
Domain restrictions bypass via DNS Rebinding in WireMock and WireMock Studio webhooks, proxy and recorder modes
Low
CVE-2023-41329
was published
for
com.github.tomakehurst:wiremock-jre8
(Maven)
Sep 8, 2023
Grafana vulnerable to Authentication Bypass by Spoofing
Critical
CVE-2023-3128
was published
for
github.com/grafana/grafana
(Go)
Jun 22, 2023
passport-wsfed-saml2 vulnerable to Signature Bypass in SAML2 token
High
CVE-2017-16897
was published
for
passport-wsfed-saml2
(npm)
Jun 21, 2023
Parse Server option `masterKeyIps` vulnerability to IP spoofing
High
CVE-2023-22474
was published
for
parse-server
(npm)
Jan 31, 2023
python-jwt vulnerable to token forgery with new claims
Critical
CVE-2022-39227
was published
for
python-jwt
(pip)
Sep 21, 2022
Microweber before 1.2.21 allows attacker to bypass IP detection to brute-force password
Moderate
CVE-2022-2368
was published
for
microweber/microweber
(Composer)
Jul 12, 2022
Argo CD will blindly trust JWT claims if anonymous access is enabled
Critical
CVE-2022-29165
was published
for
github.com/argoproj/argo-cd
(Go)
May 24, 2022
Django WSGI Header Spoofing Vulnerability
Moderate
CVE-2015-0219
was published
for
Django
(pip)
May 17, 2022
Electron vulnerable to URL spoofing via PDFium
Moderate
CVE-2017-1000424
was published
for
Electron
(npm)
May 13, 2022
Withdrawn Advisory: Node.js Inspector RCE via DNS Rebinding
High
CVE-2018-7160
was published
for
node-inspector
(npm)
May 13, 2022
•
withdrawn
NextAuth.js default redirect callback vulnerable to open redirects
Moderate
CVE-2022-24858
was published
for
next-auth
(npm)
Apr 22, 2022
ProTip!
Advisories are also available from the
GraphQL API