GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 19,745
Composer 4,029
Erlang 29
GitHub Actions 16
Go 1,833
Maven 5,050
npm 3,573
NuGet 632
pip 3,160
Pub 10
RubyGems 847
Rust 798
Swift 34

Unreviewed advisories

All unreviewed 224,761

CC-BY-4.0 License

Language support

Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

17 advisories

Filter by severity

Sort by

Least recently updated

Improper Authorization in aedes Moderate

CVE-2018-3778 was published for aedes (npm) Aug 15, 2018

Authorization bypass in express-jwt High

CVE-2020-15084 was published for express-jwt (npm) Jun 30, 2020

GraphQL: Security breach on Viewer query Moderate

CVE-2020-15126 was published for parse-server (npm) Jul 22, 2020

Android WebView Universal Cross-site Scripting Moderate

CVE-2020-6506 was published for react-native-webview (npm) Oct 2, 2020

Any logged in user could edit any other logged in user. High

CVE-2021-29452 was published for @curveball/a12n-server (npm) Apr 19, 2021

parse-server new anonymous user session acts as if it's created with password Moderate

CVE-2021-39138 was published for parse-server (npm) Aug 23, 2021

Incorrect Authorization in serverless-offline Critical

CVE-2021-38384 was published for serverless-offline (npm) Sep 1, 2021

Incorrect Authorization in @uppy/companion High

CVE-2022-0528 was published for @uppy/companion (npm) Mar 4, 2022

Incorrect Authorization in cross-fetch Moderate

CVE-2022-1365 was published for cross-fetch (npm) Apr 17, 2022

Xen Orchestra Mishandles Authorization Moderate

CVE-2021-36383 was published for xo-server (npm) May 24, 2022

NextAuth.js before 4.10.3 and 3.29.10 sending verification requests (magic link) to unwanted emails Critical

CVE-2022-35924 was published for next-auth (npm) Aug 2, 2022

Field-level access-control bypass for multiselect field Critical

CVE-2022-39322 was published for @keystone-6/core (npm) Oct 18, 2022

Uniswap Universal Router Incorrect Authorization vulnerability High

CVE-2022-48216 was published for @uniswap/universal-router (npm) Jan 4, 2023

AWS CDK EKS overly permissive trust policies Moderate

CVE-2023-35165 was published for @aws-cdk/aws-eks (npm) Jun 19, 2023

Incorrect Permission Checking for GraphQL Subscriptions Moderate

CVE-2023-38503 was published for directus (npm) Jul 25, 2023

Bypass of field access control in strapi-plugin-protected-populate Moderate

CVE-2023-48218 was published for strapi-plugin-protected-populate (npm) Nov 20, 2023

lunary-ai/lunary allows users unauthorized access to projects Critical

CVE-2024-4146 was published for lunary (npm) Jun 8, 2024

ProTip! Advisories are also available from the GraphQL API

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

17 advisories