Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

16 advisories

Loading
Authentication Bypass in passport-azure-ad High
CVE-2016-7191 was published for passport-azure-ad (npm) Jul 26, 2018
Improper Key Verification in ipns High
GHSA-j59f-6m4q-62h6 was published for ipns (npm) May 30, 2019
mprpic
Incorrect Account Used for Signing High
GHSA-vg44-fw64-cpjx was published for @metamask/eth-ledger-bridge-keyring (npm) Mar 24, 2020
Authentication Bypass in otpauth High
GHSA-rmmc-8cqj-hfp3 was published for otpauth (npm) Sep 3, 2020
xml-crypto's HMAC-SHA1 signatures can bypass validation via key confusion High
GHSA-c27r-x354-4m68 was published for xml-crypto (npm) Oct 27, 2020
bawolff
Improper Authentication in react-adal High
CVE-2020-7787 was published for react-adal (npm) Apr 13, 2021
Auto-merging Person Records Compromised High
CVE-2021-32691 was published for @apollosproject/data-connector-rock (npm) Jun 21, 2021
Authentication bypass and denial of service (DoS) vulnerabilities in Apple Game Center auth adapter High
CVE-2022-24901 was published for parse-server (npm) May 4, 2022
yoshmidev kurt-r2c
Authentication bypass vulnerability in Apple Game Center auth adapter High
CVE-2022-31083 was published for parse-server (npm) Jun 17, 2022
yoshmidev
Raneto Denial of Service via crafted payload injected into `Search` parameter High
CVE-2022-35142 was published for raneto (npm) Aug 5, 2022
matrix-js-sdk subject to impersonated messages due to permissive key forwarding High
CVE-2022-39249 was published for matrix-js-sdk (npm) Sep 30, 2022
matrix-js-sdk subject to user spoofing via Olm/Megolm protocol confusion High
CVE-2022-39251 was published for matrix-js-sdk (npm) Sep 30, 2022
matrix-js-sdk subject to user impersonation due to key/device identifier confusion in SAS verification High
CVE-2022-39250 was published for matrix-js-sdk (npm) Sep 30, 2022
Unauthorized Access to Private Fields in User Registration API High
CVE-2023-39345 was published for @strapi/plugin-users-permissions (npm) Nov 3, 2023
dogusdeniz innerdvations
derrickmehaffy christiancp100
EverShop vulnerable to improper authorization in GraphQL endpoints High
CVE-2023-46942 was published for @evershop/evershop (npm) Jan 13, 2024
Flowise Authentication Bypass vulnerability High
CVE-2024-8181 was published for flowise (npm) Aug 27, 2024
ProTip! Advisories are also available from the GraphQL API