Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

11 advisories

Loading
@strapi/plugin-users-permissions leaks 3rd party authentication tokens and authentication bypass High
CVE-2024-34065 was published for @strapi/plugin-users-permissions (npm) Jun 12, 2024
Eventyret iarce-qb
derrickmehaffy Convly innerdvations alexandrebodin
Sustainsys.Saml2 Insufficient Identity Provider Issuer Validation High
CVE-2023-41890 was published for Kentor.AuthServices (NuGet) Sep 20, 2023
c53robin
thorsten/phpmyfaq vulnerable to authentication bypass High
CVE-2023-1886 was published for thorsten/phpmyfaq (Composer) Apr 5, 2023
django-mfa2 vulnerable to MFA Replay attack High
CVE-2022-42731 was published for django-mfa2 (pip) Oct 11, 2022
LTI 1.3 Tool Library's Nonce Claim Value not validated against nonce value sent in Authentication Request before v5.0 High
CVE-2022-31158 was published for packbackbooks/lti-1-3-php-library (Composer) Jul 15, 2022
SaltStack Salt Authentication Bypass by Capture-replay High
CVE-2022-22936 was published for salt (pip) Mar 30, 2022
Authentication Bypass by Capture-replay in Apache Spark High
CVE-2021-38296 was published for org.apache.spark:spark-core (Maven) Mar 11, 2022
AlmogApiiro
Multi-Factor Authentication issue in Laravel Fortify High
CVE-2022-25838 was published for laravel/fortify (Composer) Feb 25, 2022
Authentication bypass by capture-replay in github.com/cosmos/ethermint High
CVE-2021-25835 was published for github.com/cosmos/ethermint (Go) Feb 15, 2022
Authentication bypass by capture-replay in github.com/cosmos/ethermint High
CVE-2021-25834 was published for github.com/cosmos/ethermint (Go) Feb 15, 2022
Missing Token Replay Detection in Saml2 Authentication services for ASP.NET High
CVE-2020-5261 was published for Sustainsys.Saml2 (NuGet) Mar 25, 2020
ProTip! Advisories are also available from the GraphQL API