Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
49
GitHub Actions
50
Go
3,623
Maven
5,000+
npm
5,000+
NuGet
927
pip
4,843
Pub
13
RubyGems
1,045
Rust
1,271
Swift
53
Unreviewed advisories
All unreviewed
5,000+

6 advisories

Loading
Signal K Server: Privilege Escalation by Admin Role Injection via /enableSecurity Critical
CVE-2026-33950 was published for signalk-server (npm) Apr 3, 2026
VashuVats Credited to VashuVats
Better Auth Has Two-Factor Authentication Bypass via Premature Session Caching (session.cookieCache) Critical
GHSA-xg6x-h9c9-2m83 was published for better-auth (npm) Apr 3, 2026
TriDecent Credited to TriDecent
mppx has multiple payment bypass and griefing vulnerabilities Critical
GHSA-8x4m-qw58-3pcx was published for mppx (npm) Mar 29, 2026
samczsun Credited to samczsun and veria-labs veria-labs veria-labs
FUXA has JWT Authentication Bypass via HTTP Referer header spoofing Critical
CVE-2025-69985 was published for @frangoteam/fuxa (npm) Feb 24, 2026
Signal K Server vulnerable to JWT Token Theft via WebSocket Enumeration and Unauthenticated Polling Critical
CVE-2025-68620 was published for signalk-server (npm) Jan 2, 2026
atsc11 Credited to atsc11
ZDI-CAN-23894: Parse Server literalizeRegexPart SQL Injection Authentication Bypass Vulnerability Critical
CVE-2024-39309 was published for parse-server (npm) Jul 1, 2024
mtrezza Credited to mtrezza
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database