Data

Tools

Indexes

Applications

Experiments

Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

npm

@actual-app/sync-server

npm

actual syncing server

View on github.com · View on npmjs.org

Security Advisories for @actual-app/sync-server in npm

High
about 1 month ago

Actual has Privilege Escalation via 'change-password' Endpoint on OpenID-Migrated Servers GSA_kwCzR0hTQS1wcnA0LTJmNDktZmNncM4ABVsa

npm @actual-app/sync-server
Moderate
3 months ago

Actual Sync Server has an Authenticated Path Traversal GSA_kwCzR0hTQS0yN3ZnLTMzZ2gtNGh3Z84ABTXI

npm @actual-app/sync-server
Moderate
3 months ago

@actual-app/sync-server: Missing authorization in sync endpoints allows cross-user budget file access in multi-user mode GSA_kwCzR0hTQS1xbWpqLXA3bTktd2pyds4ABS6k

npm @actual-app/sync-server
Critical
3 months ago

ActualBudget server is Missing Authentication for SimpleFIN and Pluggy AI bank sync endpoints GSA_kwCzR0hTQS1tMmNxLXhqZ20tZjY2OM4ABSy2

npm @actual-app/sync-server
Moderate
7 months ago

Actual Sync-server Gocardless service is logging sensitive data including bearer tokens and account numbers GSA_kwCzR0hTQS14dnA3LTh2bTgteGZ4eM4ABNjO

npm @actual-app/sync-server

Filter by Severity

Moderate 3 High 1 Critical 1