Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

18 advisories

Loading
Forced Logout in keycloak-connect Moderate
CVE-2019-10157 was published for keycloak-connect (npm) Jun 13, 2019
Authentication bypass via incorrect XML canonicalization and DOM traversal in saml2-js Moderate
CVE-2017-11429 was published for saml2-js (npm) Jul 5, 2019
Validation bypass is possible in Json Pattern Validator Moderate
CVE-2019-19507 was published for jpv (npm) Dec 4, 2019
Validation Bypass in paypal-ipn Moderate
CVE-2014-10067 was published for paypal-ipn (npm) Aug 31, 2020
Authentication Bypass in saml2-js Moderate
GHSA-mfcp-34xw-p57x was published for saml2-js (npm) Sep 3, 2020
Lack of URL normalization may lead to authorization bypass when URL access rules are used Moderate
CVE-2020-24660 was published for lemonldap-ng-handler (npm) Sep 9, 2020
botframework-connector vulnerable to Improper Authentication Moderate
CVE-2021-1725 was published for botframework-connector (npm) Mar 8, 2021
Utils.readChallengeTx does not verify the server account signature Moderate
CVE-2021-32738 was published for stellar-sdk (npm) Jul 2, 2021
leighmcculloch
parse-server new anonymous user session acts as if it's created with password Moderate
CVE-2021-39138 was published for parse-server (npm) Aug 23, 2021
cbaker6
Improper Access Control in passport-oauth2 Moderate
CVE-2021-41580 was published for passport-oauth2 (npm) Sep 29, 2021
Sudden swap of user auth tokens in Volto Moderate
CVE-2022-24740 was published for @plone/volto (npm) Mar 14, 2022
Upstash Adapter missing token verification Moderate
CVE-2022-39263 was published for @next-auth/upstash-redis-adapter (npm) Sep 30, 2022
voinik
Authentication Bypass for passport-wsfed-saml2 Moderate
CVE-2022-23505 was published for passport-wsfed-saml2 (npm) Dec 13, 2022
jsonwebtoken vulnerable to signature validation bypass due to insecure default algorithm in jwt.verify() Moderate
CVE-2022-23540 was published for jsonwebtoken (npm) Dec 22, 2022
Arbitrary remote file read in Wrangler dev server Moderate
CVE-2023-7079 was published for wrangler (npm) Jan 3, 2024
Lekensteyn
Ghost's improper authentication allows access to member information and actions Moderate
CVE-2024-43409 was published for @tryghost/portal (npm) Aug 20, 2024
1337Nerd
ProTip! Advisories are also available from the GraphQL API