GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,233
Erlang
31
GitHub Actions
20
Go
1,992
Maven
5,000+
npm
3,709
NuGet
661
pip
3,346
Pub
11
RubyGems
884
Rust
846
Swift
36
Unreviewed advisories
All unreviewed
5,000+
18 advisories
Filter by severity
Incorrect Account Used for Signing
High
GHSA-vg44-fw64-cpjx
was published
for
@metamask/eth-ledger-bridge-keyring
(npm)
Mar 24, 2020
Authentication Bypass in passport-azure-ad
High
CVE-2016-7191
was published
for
passport-azure-ad
(npm)
Jul 26, 2018
Authentication Bypass in otpauth
High
GHSA-rmmc-8cqj-hfp3
was published
for
otpauth
(npm)
Sep 3, 2020
xml-crypto's HMAC-SHA1 signatures can bypass validation via key confusion
High
GHSA-c27r-x354-4m68
was published
for
xml-crypto
(npm)
Oct 27, 2020
Authentication bypass vulnerability in Apple Game Center auth adapter
High
CVE-2022-31083
was published
for
parse-server
(npm)
Jun 17, 2022
matrix-js-sdk subject to user impersonation due to key/device identifier confusion in SAS verification
High
CVE-2022-39250
was published
for
matrix-js-sdk
(npm)
Sep 30, 2022
matrix-js-sdk subject to impersonated messages due to permissive key forwarding
High
CVE-2022-39249
was published
for
matrix-js-sdk
(npm)
Sep 30, 2022
matrix-js-sdk subject to user spoofing via Olm/Megolm protocol confusion
High
CVE-2022-39251
was published
for
matrix-js-sdk
(npm)
Sep 30, 2022
Raneto Denial of Service via crafted payload injected into `Search` parameter
High
CVE-2022-35142
was published
for
raneto
(npm)
Aug 5, 2022
Authentication bypass and denial of service (DoS) vulnerabilities in Apple Game Center auth adapter
High
CVE-2022-24901
was published
for
parse-server
(npm)
May 4, 2022
Improper Authentication in react-adal
High
CVE-2020-7787
was published
for
react-adal
(npm)
Apr 13, 2021
Auto-merging Person Records Compromised
High
CVE-2021-32691
was published
for
@apollosproject/data-connector-rock
(npm)
Jun 21, 2021
Unauthorized Access to Private Fields in User Registration API
High
CVE-2023-39345
was published
for
@strapi/plugin-users-permissions
(npm)
Nov 3, 2023
Improper Key Verification in ipns
High
GHSA-j59f-6m4q-62h6
was published
for
ipns
(npm)
May 30, 2019
EverShop vulnerable to improper authorization in GraphQL endpoints
High
CVE-2023-46942
was published
for
@evershop/evershop
(npm)
Jan 13, 2024
Flowise Authentication Bypass vulnerability
High
CVE-2024-8181
was published
for
flowise
(npm)
Aug 27, 2024
Matrix JavaScript SDK's key history sharing could share keys to malicious devices
High
CVE-2024-47080
was published
for
matrix-js-sdk
(npm)
Oct 15, 2024
Lunary Improper Authentication vulnerability
High
CVE-2024-6582
was published
for
lunary
(npm)
Sep 13, 2024
ProTip!
Advisories are also available from the
GraphQL API