GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
21 advisories
Malicious takeover of previously owned ENS names
High | CVE-2020-5232 was published for @ensdomains/ens (npm) | Jan 30, 2020

Information disclosure in parse-server
High | CVE-2020-5251 was published for parse-server (npm) | Mar 4, 2020

Authorization bypass in express-jwt
High | CVE-2020-15084 was published for express-jwt (npm) | Jun 30, 2020

Improper Authorization in loopback
High | GHSA-8wgc-jjvv-cv6v was published for loopback (npm) | Sep 2, 2020

Improper Authorization in googleapis
High | GHSA-7543-mr7h-6v86 was published for googleapis (npm) | Sep 2, 2020

Improper Authorization in react-oauth-flow
Critical | GHSA-65m9-m259-7jqw was published for react-oauth-flow (npm) | Sep 3, 2020

Improper Authorization in @sap-cloud-sdk/core
High | GHSA-r2vw-jgq9-jqx2 was published for @sap-cloud-sdk/core (npm) | Sep 3, 2020

Authorization Bypass in graphql-shield
Low | GHSA-hx78-272p-mqqh was published for graphql-shield (npm) | Sep 3, 2020

Improper Authorization in passport-cognito
Critical | CVE-2019-19723 was published for passport-cognito (npm) | Sep 4, 2020

Obsidian does not require user confirmation for non-http/https URLs.
Critical | CVE-2021-38148 was published for obsidian (npm) | May 24, 2022

Field-level access-control bypass for multiselect field
Critical | CVE-2022-39322 was published for @keystone-6/core (npm) | Oct 18, 2022

React Developer Tools extension Improper Authorization vulnerability
Moderate | CVE-2023-5654 was published for react-devtools-core (npm) | Oct 19, 2023

Possible user mocking that bypasses basic authentication
Moderate | CVE-2023-48309 was published for next-auth (npm) | Nov 20, 2023

EverShop vulnerable to improper authorization in GraphQL endpoints
High | CVE-2023-46942 was published for @evershop/evershop (npm) | Jan 13, 2024

Undici's Proxy-Authorization header not cleared on cross-origin redirect for dispatch, request, stream, pipeline
Low | CVE-2024-30260 was published for undici (npm) | Apr 4, 2024

lunary-ai/lunary allows users unauthorized access to projects
Critical | CVE-2024-4146 was published for lunary (npm) | Jun 8, 2024 | withdrawn

Bostr Improper Authorization vulnerability
Moderate | CVE-2024-41962 was published for bostr (npm) | Aug 2, 2024

Flowise Authentication Bypass vulnerability
High | CVE-2024-8181 was published for flowise (npm) | Aug 27, 2024

Parse Server's custom object ID allows to acquire role privileges
High | CVE-2024-47183 was published for parse-server (npm) | Oct 4, 2024

Next.js authorization bypass vulnerability
High | CVE-2024-51479 was published for next (npm) | Dec 17, 2024

ProTip! Advisories are also available from the GraphQL API.