Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
42
GitHub Actions
43
Go
3,161
Maven
5,000+
npm
5,000+
NuGet
861
pip
4,455
Pub
12
RubyGems
991
Rust
1,184
Swift
50
Unreviewed advisories
All unreviewed
5,000+

566 advisories

Loading
A high-privileged remote attacker can fully compromise the device by abusing an update signature... High Unreviewed
CVE-2025-41767 was published Mar 9, 2026
pac4j-jwt: JwtAuthenticator Authentication Bypass via JWE-Wrapped PlainJWT Critical
CVE-2026-29000 was published for org.pac4j:pac4j-jwt (Maven) Mar 5, 2026
fritzdal Credited to fritzdal
Authlib: Setting `alg: none` and a blank signature appears to bypass signature verification High
CVE-2026-28802 was published for authlib (pip) Mar 4, 2026
michael-guignard Credited to michael-guignard
SEPPmail Secure Email Gateway before version 15.0.1 does not properly verify that a PGP signature... Moderate Unreviewed
CVE-2026-27445 was published Mar 4, 2026
SEPPmail Secure Email Gateway before version 15.0.1 does not properly communicate PGP signature... Moderate Unreviewed
CVE-2026-2746 was published Mar 4, 2026
AWS-LC has PKCS7_verify Signature Validation Bypass High
GHSA-hfpc-8r3f-gw53 was published for aws-lc-sys (Rust) Mar 3, 2026
A vulnerability was found in Dataease SQLBot up to 1.5.1. This impacts the function... Moderate Unreviewed
CVE-2025-15598 was published Mar 3, 2026
Keycloak REST Services has a WebAuthn Attestation Statement Verification Bypass Low
CVE-2025-12150 was published for org.keycloak:keycloak-services (Maven) Feb 27, 2026
ENS DNSSEC Oracle Vulnerable to RSA Signature Forgery via Missing PKCS#1 v1.5 Padding Validation Low
CVE-2026-22866 was published for @ensdomains/ens-contracts (npm) Feb 25, 2026
The system suffers from the absence of a kernel module signature verification. If an attacker can... Moderate Unreviewed
CVE-2025-32060 was published Feb 15, 2026
SAP NetWeaver Application Server ABAP and ABAP Platform allows an authenticated attacker with... High Unreviewed
CVE-2026-23687 was published Feb 10, 2026
Keycloak affected by improper invitation token validation High
CVE-2026-1529 was published for org.keycloak:keycloak-services (Maven) Feb 9, 2026
eminaktas Credited to eminaktas
Blocklist Bypass possible via ECDSA Signature Malleability High
CVE-2026-25793 was published for github.com/slackhq/nebula (Go) Feb 6, 2026
mrtufan Credited to mrtufan
Juju has broken CMR authorization Low
CVE-2026-1237 was published for github.com/juju/juju (Go) Jan 29, 2026
Improper Verification of Cryptographic Signature vulnerability in Drupal Drupal Commerce Paybox... High Unreviewed
CVE-2026-0750 was published Jan 28, 2026
ML-DSA Signature Verification Accepts Signatures with Repeated Hint Indices Moderate
CVE-2026-24850 was published for ml-dsa (Rust) Jan 28, 2026
orenyomtov Credited to orenyomtov
Issue summary: The 'openssl dgst' command-line tool silently truncates input data to 16MB when... Moderate Unreviewed
CVE-2025-15469 was published Jan 27, 2026
Keycloak's missing timestamp validation allows attackers to extend SAML response validity periods Low
CVE-2026-1190 was published for org.keycloak:keycloak-services (Maven) Jan 26, 2026
dcap-qvl has Missing Verification for QE Identity Critical
CVE-2026-22696 was published for @phala/dcap-qvl (npm) Jan 26, 2026
go-tuf improperly validates the configured threshold for delegations Moderate
CVE-2026-23992 was published for github.com/theupdateframework/go-tuf/v2 (Go) Jan 21, 2026
1seal Credited to 1seal, kommendorkapten, and rdimitrov kommendorkapten kommendorkapten
rdimitrov rdimitrov
sm-crypto Affected by Signature Forgery in SM2-DSA High
CVE-2026-23965 was published for sm-crypto (npm) Jan 21, 2026
XlabAITeam Credited to XlabAITeam, A7um, tl2cents, and keenanwgn A7um A7um
tl2cents tl2cents keenanwgn keenanwgn
sm-crypto Affected by Signature Malleability in SM2-DSA High
CVE-2026-23967 was published for sm-crypto (npm) Jan 21, 2026
XlabAITeam Credited to XlabAITeam, A7um, tl2cents, and keenanwgn A7um A7um
tl2cents tl2cents keenanwgn keenanwgn
Fleet has a JWT signature bypass vulnerability in Azure AD MDM enrollment Critical
CVE-2026-23518 was published for github.com/fleetdm/fleet (Go) Jan 20, 2026
prateek-0490 Credited to prateek-0490
IBM ApplinX 11.1 is vulnerable due to a privilege escalation vulnerability due to improper... High Unreviewed
CVE-2025-36418 was published Jan 20, 2026
There is a vulnerability in the Supermicro BMC firmware validation logic at Supermicro MBD-X12STW... High Unreviewed
CVE-2025-12006 was published Jan 16, 2026
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database