GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
20
Go
2,000
Maven
5,000+
npm
3,711
NuGet
661
pip
3,383
Pub
11
RubyGems
885
Rust
849
Swift
36
Unreviewed advisories
All unreviewed
5,000+
34 advisories
Filter by severity
Authorization bypass in github.com/dgrijalva/jwt-go
High
CVE-2020-26160
was published
for
github.com/dgrijalva/jwt-go
(Go)
May 18, 2021
Token reuse in Ory fosite
High
CVE-2020-15222
was published
for
github.com/ory/fosite
(Go)
May 24, 2021
Argo CD Insecure default administrative password
High
CVE-2020-8828
was published
for
github.com/argoproj/argo-cd
(Go)
Jul 26, 2021
Improper Authentication
High
CVE-2019-20894
was published
for
github.com/traefik/traefik/v2
(Go)
Sep 2, 2021
Authentication bypass for viewing and deletions of snapshots
High
CVE-2021-39226
was published
for
github.com/grafana/grafana
(Go)
Oct 5, 2021
Improper Authentication in HashiCorp Nomad
High
CVE-2021-43415
was published
for
github.com/hashicorp/nomad
(Go)
Dec 10, 2021
Authentication bypass by capture-replay in github.com/cosmos/ethermint
High
CVE-2021-25834
was published
for
github.com/cosmos/ethermint
(Go)
Feb 15, 2022
Authentication Bypass by Primary Weakness in github.com/kongchuanhujiao/server
High
CVE-2021-21403
was published
for
github.com/kongchuanhujiao/server
(Go)
Feb 15, 2022
Access Restriction Bypass in go-ldap
High
CVE-2017-14623
was published
for
github.com/go-ldap/ldap
(Go)
Feb 15, 2022
Unauthenticated control plane denial of service attack in Istio
High
CVE-2022-23635
was published
for
istio.io/istio
(Go)
Feb 23, 2022
Improper Authentication in Capsule Proxy
High
CVE-2022-23652
was published
for
github.com/clastix/capsule-proxy
(Go)
Feb 23, 2022
Account compromise in Evmos
High
CVE-2022-24738
was published
for
github.com/tharsis/evmos
(Go)
Mar 7, 2022
go.etcd.io/etcd Authentication Bypass
High
CVE-2018-16886
was published
for
go.etcd.io/etcd
(Go)
Apr 12, 2022
Traefik Missing Authentication
High
CVE-2018-15598
was published
for
github.com/traefik/traefik
(Go)
May 13, 2022
TiDB authentication bypass vulnerability
High
CVE-2022-31011
was published
for
github.com/pingcap/tidb
(Go)
Jun 6, 2022
SFTPGo vulnerable to recovery codes abuse
High
CVE-2022-36071
was published
for
github.com/drakkan/sftpgo/v2
(Go)
Sep 16, 2022
Caddy-SSH vulnerable to Authorization Bypass due to incorrect usage of PAM library
High
GHSA-gmhj-xjfh-cf6m
was published
for
github.com/mohammed90/caddy-ssh
(Go)
Sep 23, 2022
Brokercap Bifrost subject to authentication bypass when using HTTP basic authentication
High
CVE-2022-39219
was published
for
github.com/brokercap/Bifrost
(Go)
Sep 27, 2022
Bifrost vulnerable to authentication check flaw that leads to authentication bypass
High
CVE-2022-39267
was published
for
github.com/brokercap/Bifrost
(Go)
Oct 18, 2022
kyverno verifyImages rule bypass possible with malicious proxy/registry
High
CVE-2022-47633
was published
for
github.com/kyverno/kyverno
(Go)
Dec 21, 2022
Rancher generated tokens not revoked after modifications made to authentication provider
High
GHSA-c45c-39f6-6gw9
was published
for
github.com/rancher/rancher
(Go)
Jan 25, 2023
Sealos billing system permission control defect
High
CVE-2023-36815
was published
for
github.com/labring/sealos
(Go)
Jun 30, 2023
Soft Serve Public Key Authentication Bypass Vulnerability when Keyboard-Interactive SSH Authentication is Enabled
High
CVE-2023-43809
was published
for
github.com/charmbracelet/soft-serve
(Go)
Oct 2, 2023
Authentication bypass vulnerability in navidrome's subsonic endpoint
High
CVE-2023-51442
was published
for
github.com/navidrome/navidrome
(Go)
Dec 19, 2023
Authentik vulnerable to PKCE downgrade attack
High
CVE-2024-23647
was published
for
goauthentik.io
(Go)
Jan 29, 2024
ProTip!
Advisories are also available from the
GraphQL API