Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

278 advisories

Loading
Potential session hijack in Apache CXF Critical
CVE-2019-12419 was published for org.apache.cxf:cxf (Maven) Nov 8, 2019
Incorrect Authorization in Apache Solr Critical
CVE-2021-29943 was published for org.apache.solr:solr-parent (Maven) May 10, 2021
Improper Authorization and Origin Validation Error in OneFuzz Critical
CVE-2021-37705 was published for onefuzz (pip) Aug 13, 2021
Incorrect Authorization in serverless-offline Critical
CVE-2021-38384 was published for serverless-offline (npm) Sep 1, 2021
Deno's static imports inside dynamically imported modules do not adhere to permission checks Critical
CVE-2021-32619 was published for deno (Rust) Sep 23, 2021
nayeemrmn
Improper Access Control in Webauthn Framework Critical
CVE-2021-38299 was published for web-auth/webauthn-framework (Composer) Sep 29, 2021
Incorrect Authorization in Apache Ozone Critical
CVE-2021-39233 was published for org.apache.ozone:ozone-main (Maven) Nov 23, 2021
Incorrect Authorization in latte/latte Critical
CVE-2021-23803 was published for latte/latte (Composer) Jan 6, 2022
IBM Cognos Controller 10.4.0, 10.4.1, and 10.4.2 could be vulnerable to unauthorized... Critical Unreviewed
CVE-2020-4877 was published Jan 22, 2022
Incorrect Authorization in Apache Solr Critical
CVE-2020-13957 was published for org.apache.solr:solr-parent (Maven) Feb 10, 2022
kurt-r2c
nats-io/jwt not enforcing checking of Import token permissions Critical
CVE-2021-3127 was published for github.com/nats-io/jwt (Go) Feb 15, 2022
Access Control vulnerability within CoreNLP Critical
CVE-2021-44550 was published for edu.stanford.nlp:stanford-corenlp (Maven) Feb 25, 2022
ProTip! Advisories are also available from the GraphQL API