GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
18 advisories
Validation bypass is possible in Json Pattern Validator (Moderate): CVE-2019-19507 was published for jpv (npm) on Dec 4, 2019.
Authentication bypass via incorrect XML canonicalization and DOM traversal in saml2-js (Moderate): CVE-2017-11429 was published for saml2-js (npm) on Jul 5, 2019.
Authentication Bypass in saml2-js (Moderate): GHSA-mfcp-34xw-p57x was published for saml2-js (npm) on Sep 3, 2020.
Lack of URL normalization may lead to authorization bypass when URL access rules are used (Moderate): CVE-2020-24660 was published for lemonldap-ng-handler (npm) on Sep 9, 2020.
Validation Bypass in paypal-ipn (Moderate): CVE-2014-10067 was published for paypal-ipn (npm) on Aug 31, 2020.
Sudden swap of user auth tokens in Volto (Moderate): CVE-2022-24740 was published for @plone/volto (npm) on Mar 14, 2022.
parse-server new anonymous user session acts as if it's created with password (Moderate): CVE-2021-39138 was published for parse-server (npm) on Aug 23, 2021.
Utils.readChallengeTx does not verify the server account signature (Moderate): CVE-2021-32738 was published for stellar-sdk (npm) on Jul 2, 2021.
Upstash Adapter missing token verification (Moderate): CVE-2022-39263 was published for @next-auth/upstash-redis-adapter (npm) on Sep 30, 2022.
Authentication Bypass for passport-wsfed-saml2 (Moderate): CVE-2022-23505 was published for passport-wsfed-saml2 (npm) on Dec 13, 2022.
Forced Logout in keycloak-connect (Moderate): CVE-2019-10157 was published for keycloak-connect (npm) on Jun 13, 2019.
Improper Access Control in passport-oauth2 (Moderate): CVE-2021-41580 was published for passport-oauth2 (npm) on Sep 29, 2021.
matrix-appservice-bridge doesn't verify the sub parameter of an openId token exchange, allowing unauthorized access to provisioning APIs (Moderate): CVE-2023-38691 was published for matrix-appservice-bridge (npm) on Aug 4, 2023.
Arbitrary remote file read in Wrangler dev server (Moderate): CVE-2023-7079 was published for wrangler (npm) on Jan 3, 2024.
botframework-connector vulnerable to Improper Authentication (Moderate): CVE-2021-1725 was published for botframework-connector (npm) on Mar 8, 2021.
jsonwebtoken vulnerable to signature validation bypass due to insecure default algorithm in jwt.verify() (Moderate): CVE-2022-23540 was published for jsonwebtoken (npm) on Dec 22, 2022.
jsonwebtoken's insecure implementation of key retrieval function could lead to Forgeable Public/Private Tokens from RSA to HMAC (Moderate): CVE-2022-23541 was published for jsonwebtoken (npm) on Dec 22, 2022.
Ghost's improper authentication allows access to member information and actions (Moderate): CVE-2024-43409 was published for @tryghost/portal (npm) on Aug 20, 2024.