Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

20 advisories

Loading
lunary-ai/lunary allows users unauthorized access to projects Critical
CVE-2024-4146 was published for lunary (npm) Jun 8, 2024 withdrawn
vincelwt
Parse Server's custom object ID allows to acquire role privileges High
CVE-2024-47183 was published for parse-server (npm) Oct 4, 2024
mstniy mtrezza
AWS CDK RestApi not generating authorizationScope correctly in resultant CFN template Moderate
CVE-2024-45037 was published for aws-cdk (npm) Aug 27, 2024
t0bst4r
Bypass of field access control in strapi-plugin-protected-populate Moderate
CVE-2023-48218 was published for strapi-plugin-protected-populate (npm) Nov 20, 2023
AWS CDK EKS overly permissive trust policies Moderate
CVE-2023-35165 was published for @aws-cdk/aws-eks (npm) Jun 19, 2023
twelvemo stefreak
Incorrect Permission Checking for GraphQL Subscriptions Moderate
CVE-2023-38503 was published for directus (npm) Jul 25, 2023
madc
GraphQL: Security breach on Viewer query Moderate
CVE-2020-15126 was published for parse-server (npm) Jul 22, 2020
Moumouls
Xen Orchestra Mishandles Authorization Moderate
CVE-2021-36383 was published for xo-server (npm) May 24, 2022
Incorrect Authorization in serverless-offline Critical
CVE-2021-38384 was published for serverless-offline (npm) Sep 1, 2021
Uniswap Universal Router Incorrect Authorization vulnerability High
CVE-2022-48216 was published for @uniswap/universal-router (npm) Jan 4, 2023
Incorrect Authorization in @uppy/companion High
CVE-2022-0528 was published for @uppy/companion (npm) Mar 4, 2022
Improper Authorization in aedes Moderate
CVE-2018-3778 was published for aedes (npm) Aug 15, 2018
tdunlap607
Authorization bypass in express-jwt High
CVE-2020-15084 was published for express-jwt (npm) Jun 30, 2020
NextAuth.js before 4.10.3 and 3.29.10 sending verification requests (magic link) to unwanted emails Critical
CVE-2022-35924 was published for next-auth (npm) Aug 2, 2022
aried3r feross
Field-level access-control bypass for multiselect field Critical
CVE-2022-39322 was published for @keystone-6/core (npm) Oct 18, 2022
marekryb
Android WebView Universal Cross-site Scripting Moderate
CVE-2020-6506 was published for react-native-webview (npm) Oct 2, 2020
alesandroortiz
Any logged in user could edit any other logged in user. High
CVE-2021-29452 was published for @curveball/a12n-server (npm) Apr 19, 2021
Incorrect Authorization in cross-fetch Moderate
CVE-2022-1365 was published for cross-fetch (npm) Apr 17, 2022
cysp
parse-server new anonymous user session acts as if it's created with password Moderate
CVE-2021-39138 was published for parse-server (npm) Aug 23, 2021
cbaker6
ProTip! Advisories are also available from the GraphQL API