GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
571 advisories
Authlib JWS JWK Header Injection: Signature Verification Bypass
Critical
CVE-2026-27962
was published
for
authlib
(pip)
Mar 16, 2026
OpenClaw: Feishu webhook mode accepted forged events when only `verificationToken` was configured
High
GHSA-g353-mgv3-8pcj
was published
for
openclaw
(npm)
Mar 13, 2026
SM9 Infinity-Point Ciphertext Forgery Vulnerability
Critical
CVE-2026-32614
was published
for
github.com/emmansun/gmsm
(Go)
Mar 13, 2026
pac4j-jwt: JwtAuthenticator Authentication Bypass via JWE-Wrapped PlainJWT
Critical
CVE-2026-29000
was published
for
org.pac4j:pac4j-jwt
(Maven)
Mar 5, 2026
Authlib: Setting `alg: none` and a blank signature appears to bypass signature verification
High
CVE-2026-28802
was published
for
authlib
(pip)
Mar 4, 2026
Keycloak affected by improper invitation token validation
High
CVE-2026-1529
was published
for
org.keycloak:keycloak-services
(Maven)
Feb 9, 2026
Blocklist Bypass possible via ECDSA Signature Malleability
High
CVE-2026-25793
was published
for
github.com/slackhq/nebula
(Go)
Feb 6, 2026
ML-DSA Signature Verification Accepts Signatures with Repeated Hint Indices
Moderate
CVE-2026-24850
was published
for
ml-dsa
(Rust)
Jan 28, 2026
go-tuf improperly validates the configured threshold for delegations
Moderate
CVE-2026-23992
was published
for
github.com/theupdateframework/go-tuf/v2
(Go)
Jan 21, 2026
ProTip!
Advisories are also available from the
GraphQL API