Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

7 advisories

Loading
@clerk/nextjs auth() and getAuth() methods vulnerable to insecure direct object reference (IDOR) Critical
CVE-2024-22206 was published for @clerk/nextjs (npm) Jan 12, 2024
nikosdouvlis SokratisVidros
colinclerk agis braden-clerk BRKalow
isolated-vm has vulnerable CachedDataOptions in API Critical
CVE-2022-39266 was published for isolated-vm (npm) Sep 30, 2022
hedgehog80
API token verification can be bypassed in NodeBB Critical
CVE-2021-43786 was published for nodebb (npm) Nov 30, 2021
paul-gerste-sonarsource
Authentication Bypass in express-laravel-passport Critical
GHSA-v66p-w7qx-wv98 was published for express-laravel-passport (npm) Sep 4, 2020
API Admin Auth Weakness in tomato Critical
CVE-2013-7379 was published for tomato (npm) Aug 31, 2020
Authentication Bypass in console-io Critical
CVE-2016-10532 was published for console-io (npm) Feb 18, 2019
Authentication Bypass in hapi-auth-jwt2 Critical
CVE-2016-10525 was published for hapi-auth-jwt2 (npm) Feb 18, 2019
ProTip! Advisories are also available from the GraphQL API