GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
101
GitHub Actions
54
Go
4,295
Maven
5,000+
npm
5,000+
NuGet
1,029
pip
5,000+
Pub
13
RubyGems
1,107
Rust
1,492
Swift
61
Unreviewed advisories
All unreviewed
5,000+
53 advisories
Filter by severity
Duplicate advisory: High severity vulnerability that affects passport-wsfed-saml2
High
GHSA-7fpw-cfc4-3p2c
was published
for
passport-wsfed-saml2
(npm)
Dec 28, 2017
•
withdrawn
Authentication Bypass by Spoofing in express-cart
High
CVE-2018-16483
was published
for
express-cart
(npm)
Feb 7, 2019
Identity Spoofing in libp2p-secio
Critical
GHSA-rch7-f4h5-x9rj
was published
for
libp2p-secio
(npm)
Aug 23, 2019
Token verification bug in next-auth
Low
CVE-2021-21310
was published
for
next-auth
(npm)
Feb 11, 2021
Verification flaw in Solid identity-token-verifier
Moderate
GHSA-xmh9-rg6f-j3mr
was published
for
@solid/identity-token-verifier
(npm)
Mar 12, 2021
NextAuth.js default redirect callback vulnerable to open redirects
Moderate
CVE-2022-24858
was published
for
next-auth
(npm)
Apr 22, 2022
Withdrawn Advisory: Node.js Inspector RCE via DNS Rebinding
High
CVE-2018-7160
was published
for
node-inspector
(npm)
May 13, 2022
•
withdrawn
Electron vulnerable to URL spoofing via PDFium
Moderate
CVE-2017-1000424
was published
for
Electron
(npm)
May 13, 2022
Parse Server option `masterKeyIps` vulnerability to IP spoofing
High
CVE-2023-22474
was published
for
parse-server
(npm)
Jan 31, 2023
passport-wsfed-saml2 vulnerable to Signature Bypass in SAML2 token
High
CVE-2017-16897
was published
for
passport-wsfed-saml2
(npm)
Jun 21, 2023
Fast-JWT Improperly Validates iss Claims
Moderate
CVE-2025-30144
was published
for
fast-jwt
(npm)
Mar 19, 2025
Passport-wsfed-saml2 allows SAML Authentication Bypass via Attribute Smuggling
High
CVE-2025-46573
was published
for
passport-wsfed-saml2
(npm)
May 6, 2025
Clerk-js vulnerable to bypass of OAuth authentication flow by manipulating request at OTP verification stage
Moderate
CVE-2025-63700
was published
for
@clerk/clerk-js
(npm)
Nov 20, 2025
Signal K Server Vulnerable to Access Request Spoofing
Moderate
CVE-2025-69203
was published
for
signalk-server
(npm)
Jan 2, 2026
n8n's Missing Stripe-Signature Verification Allows Unauthenticated Forged Webhooks
Moderate
CVE-2026-21894
was published
for
n8n
(npm)
Jan 7, 2026
FUXA Unauthenticated Remote Code Execution in Node-RED Integration
Critical
CVE-2026-25938
was published
for
fuxa-server
(npm)
Feb 10, 2026
OpenClaw optional voice-call plugin: webhook verification may be bypassed behind certain proxy configurations
High
CVE-2026-28465
was published
for
@clawdbot/voice-call
(npm)
Feb 17, 2026
OpenClaw has a Matrix allowlist bypass via displayName and cross-homeserver localpart matching
Moderate
CVE-2026-28471
was published
for
openclaw
(npm)
Feb 17, 2026
Nextcloud Talk allowlist bypass via actor.name display name spoofing
Critical
CVE-2026-28474
was published
for
@openclaw/nextcloud-talk
(npm)
Feb 17, 2026
OpenClaw Google Chat spoofing access with allowlist authorized mutable email principal despite sender-ID mismatch
Low
GHSA-chm2-m3w2-wcxm
was published
for
clawdbot
(npm)
Feb 17, 2026
OpenClaw Telegram allowlist authorization accepted mutable usernames
Moderate
CVE-2026-28480
was published
for
clawdbot
(npm)
Feb 18, 2026
Hono is Vulnerable to Authentication Bypass by IP Spoofing in AWS Lambda ALB conninfo
High
CVE-2026-27700
was published
for
hono
(npm)
Feb 25, 2026
n8n: Webhook Forgery on Github Webhook Trigger
Moderate
CVE-2026-56357
was published
for
n8n
(npm)
Feb 26, 2026
n8n has Webhook Forgery on Zendesk Trigger Node
Moderate
GHSA-38c7-23hj-2wgq
was published
for
n8n
(npm)
Feb 26, 2026
OpenClaw: Node reconnect metadata spoofing could bypass platform-based node command policy
High
CVE-2026-32014
was published
for
openclaw
(npm)
Mar 3, 2026
ProTip!
Advisories are also available from the
GraphQL API