GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,272
Erlang
31
GitHub Actions
21
Go
2,047
Maven
5,000+
npm
3,739
NuGet
668
pip
3,415
Pub
12
RubyGems
891
Rust
868
Swift
36
Unreviewed advisories
All unreviewed
5,000+
19 advisories
Filter by severity
LTI 1.3 Tool Library's Nonce Claim Value not validated against nonce value sent in Authentication Request before v5.0
High
CVE-2022-31158
was published
for
packbackbooks/lti-1-3-php-library
(Composer)
Jul 15, 2022
Missing Token Replay Detection in Saml2 Authentication services for ASP.NET
High
CVE-2020-5261
was published
for
Sustainsys.Saml2
(NuGet)
Mar 25, 2020
Multi-Factor Authentication issue in Laravel Fortify
High
CVE-2022-25838
was published
for
laravel/fortify
(Composer)
Feb 25, 2022
Answer vulnerable to Authentication Bypass by Capture-replay
Critical
CVE-2023-1537
was published
for
github.com/answerdev/answer
(Go)
Mar 21, 2023
thorsten/phpmyfaq vulnerable to authentication bypass
High
CVE-2023-1886
was published
for
thorsten/phpmyfaq
(Composer)
Apr 5, 2023
Capture-replay in Gitea
Critical
CVE-2021-45327
was published
for
github.com/go-gitea/gitea
(Go)
Feb 9, 2022
Authentication Bypass in hydra
Moderate
CVE-2020-5300
was published
for
github.com/ory/hydra
(Go)
May 27, 2021
Authentication bypass by capture-replay in github.com/cosmos/ethermint
High
CVE-2021-25835
was published
for
github.com/cosmos/ethermint
(Go)
Feb 15, 2022
Authentication bypass by capture-replay in github.com/cosmos/ethermint
High
CVE-2021-25834
was published
for
github.com/cosmos/ethermint
(Go)
Feb 15, 2022
@workos-inc/authkit-nextjs session replay vulnerability
Moderate
CVE-2024-29901
was published
for
@workos-inc/authkit-nextjs
(npm)
Mar 29, 2024
django-mfa2 vulnerable to MFA Replay attack
High
CVE-2022-42731
was published
for
django-mfa2
(pip)
Oct 11, 2022
OPA for Windows has an SMB force-authentication vulnerability
Moderate
CVE-2024-8260
was published
for
github.com/open-policy-agent/opa
(Go)
Aug 30, 2024
LinOTP replay vulnerability with auto resynchronization enabled for TOTP token
Critical
CVE-2019-12887
was published
for
LinOTP
(pip)
May 24, 2022
Sustainsys.Saml2 Insufficient Identity Provider Issuer Validation
High
CVE-2023-41890
was published
for
Kentor.AuthServices
(NuGet)
Sep 20, 2023
Apache Linkis Authentication Bypass vulnerability
Critical
CVE-2023-27987
was published
for
org.apache.linkis:linkis
(Maven)
Jul 6, 2023
SaltStack Salt Authentication Bypass by Capture-replay
High
CVE-2022-22936
was published
for
salt
(pip)
Mar 30, 2022
Authentication Bypass by Capture-replay in Apache Spark
High
CVE-2021-38296
was published
for
org.apache.spark:spark-core
(Maven)
Mar 11, 2022
Hyperledger Fabric does not verify request has a timestamp within the expected time window
Moderate
CVE-2024-45244
was published
for
github.com/hyperledger/fabric
(Go)
Aug 25, 2024
@strapi/plugin-users-permissions leaks 3rd party authentication tokens and authentication bypass
High
CVE-2024-34065
was published
for
@strapi/plugin-users-permissions
(npm)
Jun 12, 2024
ProTip!
Advisories are also available from the
GraphQL API