GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
4,240 advisories
Authentication bypass in Apache Airflow
Critical
CVE-2020-13927
was published
for
apache-airflow
(pip)
Apr 30, 2021
Server session is not invalidated when logout() helper method of Authentication module is used in Vaadin 18-19
Moderate
GHSA-6hgr-2g6q-3rmc
was published
for
com.vaadin:flow-client
(Maven)
Apr 22, 2021
LDAP authentication bypass with empty password
Critical
CVE-2020-26214
was published
for
alerta-server
(pip)
Nov 6, 2020
xml-crypto's HMAC-SHA1 signatures can bypass validation via key confusion
High
GHSA-c27r-x354-4m68
was published
for
xml-crypto
(npm)
Oct 27, 2020
Ensure that doorkeeper_token is valid when authenticating requests in API v2 calls
High
CVE-2020-15269
was published
for
spree
(RubyGems)
Oct 20, 2020
Authorization Bypass in Spring Security
Critical
CVE-2014-3527
was published
for
org.springframework.security:spring-security-core
(Maven)
Sep 15, 2020
ProTip!
Advisories are also available from the
GraphQL API