Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,386
Erlang
33
GitHub Actions
22
Go
2,141
Maven
5,000+
npm
3,803
NuGet
687
pip
3,480
Pub
12
RubyGems
897
Rust
898
Swift
38
Unreviewed advisories
All unreviewed
5,000+

47 advisories

Loading
AspNetCore Remote Authenticator for CIE3.0 Allows SAML Response Signature Verification Bypass Critical
CVE-2025-24895 was published for CIE.AspNetCore.Authentication (NuGet) Feb 18, 2025
smaury Paupu
fromVeeko
The AspNetCore Remote Authenticator for SPID Allows SAML Response Signature Verification Bypass Critical
CVE-2025-24894 was published for SPID.AspNetCore.Authentication (NuGet) Feb 18, 2025
smaury Paupu
fromVeeko
Grafana vulnerable to Authentication Bypass by Spoofing Critical
CVE-2023-3128 was published for github.com/grafana/grafana (Go) Jun 22, 2023
Apache HugeGraph-Server: Bypass whitelist in Auth mode High
CVE-2024-27349 was published for org.apache.hugegraph:hugegraph-api (Maven) Apr 22, 2024
Apache Zeppelin: Replacing other users notebook, bypassing any permissions Moderate
CVE-2024-31863 was published for org.apache.zeppelin:zeppelin-server (Maven) Apr 9, 2024
Authentication Bypass by Spoofing in OPC UA .NET Standard Stack Moderate
CVE-2024-42513 was published for OPCFoundation.NetStandard.Opc.Ua (NuGet) Feb 10, 2025
Apache Hive vulnerable to Observable Timing Discrepancy and Authentication Bypass by Spoofing Moderate
CVE-2024-23953 was published for org.apache.hive:hive-llap-common (Maven) Jan 28, 2025
Oqtane Framework Incorrect Access Control vulnerability High
CVE-2024-55470 was published for Oqtane.Framework (NuGet) Dec 20, 2024
2FA bypass in Wagtail through new device path Moderate
CVE-2019-16766 was published for wagtail-2fa (pip) Nov 29, 2019
Keycloak vulnerable to impersonation via logout token exchange Low
CVE-2023-0657 was published for org.keycloak:keycloak-services (Maven) Apr 17, 2024
CoreDNS Cache Poisoning via a birthday attack Moderate
CVE-2023-30464 was published for github.com/coredns/coredns (Go) Sep 18, 2024
Grafana Escalation from admin to server admin when auth proxy is used High
CVE-2022-35957 was published for github.com/grafana/grafana (Go) May 14, 2024
SMTP smuggling in Apache James High
CVE-2023-51747 was published for org.apache.james:james-server (Maven) Feb 27, 2024
oscerd
pretix potential IP address spoofing vulnerability Moderate
CVE-2023-44463 was published for pretix (pip) Oct 2, 2023
Mellium allows Authentication Bypass by Spoofing Critical
CVE-2024-46957 was published for mellium.im/xmpp (Go) Sep 25, 2024
Verification check bypass in Gate One Moderate
CVE-2020-19003 was published for gateone (pip) Oct 12, 2021
Django WSGI Header Spoofing Vulnerability Moderate
CVE-2015-0219 was published for Django (pip) May 17, 2022
Apache SeaTunnel Web Authentication vulnerability High
CVE-2023-48396 was published for org.apache.seatunnel:seatunnel-web (Maven) Jul 30, 2024
python-jwt vulnerable to token forgery with new claims Critical
CVE-2022-39227 was published for python-jwt (pip) Sep 21, 2022
TomTervoort
Jenkins Script Security Plugin sandbox bypass vulnerability High
CVE-2024-34145 was published for org.jenkins-ci.plugins:script-security (Maven) May 2, 2024
Ollama DNS rebinding vulnerability High
CVE-2024-28224 was published for github.com/ollama/ollama (Go) Apr 8, 2024
OctoPrint has an Authentication Bypass via X-Forwarded-For Header when autologinLocal is enabled High
CVE-2024-32977 was published for OctoPrint (pip) May 14, 2024
jacopotediosi
Authentication Bypass by Spoofing in github.com/greenpau/caddy-security Moderate
CVE-2024-21494 was published for github.com/greenpau/caddy-security (Go) Feb 17, 2024
Header spoofing in caddy-geo-ip Moderate
CVE-2023-50463 was published for github.com/shift72/caddy-geo-ip (Go) Dec 11, 2023
Domain restrictions bypass via DNS Rebinding in WireMock and WireMock Studio webhooks, proxy and recorder modes Low
CVE-2023-41329 was published for com.github.tomakehurst:wiremock-jre8 (Maven) Sep 8, 2023
W0rty numacanedo
tomakehurst Mahoney oleg-nenashev
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database