Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,951
Erlang
39
GitHub Actions
38
Go
2,607
Maven
5,000+
npm
4,251
NuGet
757
pip
4,017
Pub
12
RubyGems
953
Rust
1,049
Swift
45
Unreviewed advisories
All unreviewed
5,000+

57 advisories

Loading
matrix-js-sdk subject to user impersonation due to key/device identifier confusion in SAS verification High
CVE-2022-39250 was published for matrix-js-sdk (npm) Sep 30, 2022
Upstash Adapter missing token verification Moderate
CVE-2022-39263 was published for @next-auth/upstash-redis-adapter (npm) Sep 30, 2022
voinik
Credited to voinik
matrix-js-sdk subject to user spoofing via Olm/Megolm protocol confusion High
CVE-2022-39251 was published for matrix-js-sdk (npm) Sep 30, 2022
matrix-js-sdk subject to impersonated messages due to permissive key forwarding High
CVE-2022-39249 was published for matrix-js-sdk (npm) Sep 30, 2022
parse-server auth adapter app ID validation can be circumvented Low
CVE-2022-39231 was published for parse-server (npm) Sep 21, 2022
KarolisBan
Credited to KarolisBan
Raneto Denial of Service via crafted payload injected into `Search` parameter High
CVE-2022-35142 was published for raneto (npm) Aug 5, 2022
Authentication bypass vulnerability in Apple Game Center auth adapter High
CVE-2022-31083 was published for parse-server (npm) Jun 17, 2022
yoshmidev
Credited to yoshmidev
Broken Authentication in Atlassian Connect Express High
CVE-2021-26073 was published for atlassian-connect-express (npm) May 24, 2022
Authentication bypass and denial of service (DoS) vulnerabilities in Apple Game Center auth adapter High
CVE-2022-24901 was published for parse-server (npm) May 4, 2022
yoshmidev kurt-r2c
Credited to yoshmidev and kurt-r2c
Sudden swap of user auth tokens in Volto Moderate
CVE-2022-24740 was published for @plone/volto (npm) Mar 14, 2022
API token verification can be bypassed in NodeBB Critical
CVE-2021-43786 was published for nodebb (npm) Nov 30, 2021
paul-gerste-sonarsource
Credited to paul-gerste-sonarsource
Improper Access Control in passport-oauth2 Moderate
CVE-2021-41580 was published for passport-oauth2 (npm) Sep 29, 2021
parse-server new anonymous user session acts as if it's created with password Moderate
CVE-2021-39138 was published for parse-server (npm) Aug 23, 2021
cbaker6
Credited to cbaker6
Utils.readChallengeTx does not verify the server account signature Moderate
CVE-2021-32738 was published for stellar-sdk (npm) Jul 2, 2021
leighmcculloch
Credited to leighmcculloch
Auto-merging Person Records Compromised High
CVE-2021-32691 was published for @apollosproject/data-connector-rock (npm) Jun 21, 2021
Improper Authentication in react-adal High
CVE-2020-7787 was published for react-adal (npm) Apr 13, 2021
botframework-connector vulnerable to Improper Authentication Moderate
CVE-2021-1725 was published for botframework-connector (npm) Mar 8, 2021
xml-crypto's HMAC-SHA1 signatures can bypass validation via key confusion High
GHSA-c27r-x354-4m68 was published for xml-crypto (npm) Oct 27, 2020
bawolff
Credited to bawolff
Lack of URL normalization may lead to authorization bypass when URL access rules are used Moderate
CVE-2020-24660 was published for lemonldap-ng-handler (npm) Sep 9, 2020
Authentication Bypass in express-laravel-passport Critical
GHSA-v66p-w7qx-wv98 was published for express-laravel-passport (npm) Sep 4, 2020
Authentication Bypass in saml2-js Moderate
GHSA-mfcp-34xw-p57x was published for saml2-js (npm) Sep 3, 2020
Authentication Bypass in otpauth High
GHSA-rmmc-8cqj-hfp3 was published for otpauth (npm) Sep 3, 2020
API Admin Auth Weakness in tomato Critical
CVE-2013-7379 was published for tomato (npm) Aug 31, 2020
Validation Bypass in paypal-ipn Moderate
CVE-2014-10067 was published for paypal-ipn (npm) Aug 31, 2020
Incorrect Account Used for Signing High
GHSA-vg44-fw64-cpjx was published for @metamask/eth-ledger-bridge-keyring (npm) Mar 24, 2020
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database