GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

13 advisories

Signature Validation Bypass (Critical)
GHSA-5684-g483-2249 was published for github.com/russellhaering/gosaml2 (Go) May 24, 2021
jupenur

Signature Validation Bypass (Critical)
GHSA-rrfw-hg9m-j47h was published for github.com/russellhaering/goxmldsig (Go) May 24, 2021
jupenur, russellhaering

Auth bypass in SAML provider (Critical)
GHSA-433w-mm6h-rv9p was published for github.com/netlify/gotrue (Go) Jun 23, 2021
jupenur

@actions/core has Delimiter Injection Vulnerability in exportVariable (Moderate)
CVE-2022-35954 was published for @actions/core (npm) Aug 18, 2022
jupenur

Misinterpretation of malicious XML input (Moderate)
CVE-2021-21366 was published for xmldom (npm) Mar 12, 2021
jupenur, karfau, brodycj

Denial of Service in graphql-go (Moderate)
CVE-2022-21708 was published for github.com/graph-gophers/graphql-go (Go) Jan 27, 2022
jupenur

Authentication Bypass in github.com/russellhaering/gosaml2 (Critical)
CVE-2020-29509 was published for github.com/russellhaering/gosaml2 (Go) Feb 11, 2022
jupenur

github.com/russellhaering/goxmldsig vulnerable to Signature Validation Bypass (Moderate)
CVE-2020-15216 was published for github.com/russellhaering/goxmldsig (Go) May 24, 2021
jupenur

Critical security issues in XML encoding in github.com/dexidp/dex (Critical)
CVE-2020-26290 was published for github.com/dexidp/dex (Go) Dec 20, 2021
jupenur, ericchiang, justaugustus, sagikazarmark

KaTeX's maxExpand bypassed by `\edef` (Moderate)
CVE-2024-28243 was published for katex (npm) Mar 25, 2024
jupenur, edemaine

KaTeX's maxExpand bypassed by Unicode sub/superscripts (Moderate)
CVE-2024-28244 was published for katex (npm) Mar 25, 2024
jupenur, ronkok, edemaine

KaTeX's `\includegraphics` does not escape filename (Moderate)
CVE-2024-28245 was published for katex (npm) Mar 25, 2024
martinvks, edemaine, jupenur

KaTeX missing normalization of the protocol in URLs allows bypassing forbidden protocols (Moderate)
CVE-2024-28246 was published for katex (npm) Mar 25, 2024
7085, edemaine, jupenur