Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
44
GitHub Actions
46
Go
3,270
Maven
5,000+
npm
5,000+
NuGet
867
pip
4,517
Pub
12
RubyGems
998
Rust
1,194
Swift
51
Unreviewed advisories
All unreviewed
5,000+

256 advisories

Loading
Unsigned SAML LogoutRequest Acceptance in gosaml2 High
GHSA-pcgw-qcv5-h8ch was published for github.com/russellhaering/gosaml2 (Go) Mar 18, 2026
xclow3n Credited to xclow3n
validateSignature Loop Variable Capture Signature Bypass in goxmldsig High
CVE-2026-33487 was published for github.com/russellhaering/goxmldsig (Go) Mar 18, 2026
tomasilluminati Credited to tomasilluminati
sjcl is missing point-on-curve validation in sjcl.ecc.basicKey.publicKey High
CVE-2026-4258 was published for sjcl (npm) Mar 17, 2026
OpenClaw: Feishu webhook mode accepted forged events when only `verificationToken` was configured High
GHSA-g353-mgv3-8pcj was published for openclaw (npm) Mar 13, 2026
lintsinghua Credited to lintsinghua
A high-privileged remote attacker can fully compromise the device by abusing an update signature... High Unreviewed
CVE-2025-41767 was published Mar 9, 2026
Authlib: Setting `alg: none` and a blank signature appears to bypass signature verification High
CVE-2026-28802 was published for authlib (pip) Mar 4, 2026
michael-guignard Credited to michael-guignard
AWS-LC has PKCS7_verify Signature Validation Bypass High
GHSA-hfpc-8r3f-gw53 was published for aws-lc-sys (Rust) Mar 3, 2026
SAP NetWeaver Application Server ABAP and ABAP Platform allows an authenticated attacker with... High Unreviewed
CVE-2026-23687 was published Feb 10, 2026
Keycloak affected by improper invitation token validation High
CVE-2026-1529 was published for org.keycloak:keycloak-services (Maven) Feb 9, 2026
eminaktas Credited to eminaktas
Blocklist Bypass possible via ECDSA Signature Malleability High
CVE-2026-25793 was published for github.com/slackhq/nebula (Go) Feb 6, 2026
mrtufan Credited to mrtufan
Improper Verification of Cryptographic Signature vulnerability in Drupal Drupal Commerce Paybox... High Unreviewed
CVE-2026-0750 was published Jan 28, 2026
sm-crypto Affected by Signature Forgery in SM2-DSA High
CVE-2026-23965 was published for sm-crypto (npm) Jan 21, 2026
XlabAITeam Credited to XlabAITeam, A7um, tl2cents, and keenanwgn A7um A7um
tl2cents tl2cents keenanwgn keenanwgn
sm-crypto Affected by Signature Malleability in SM2-DSA High
CVE-2026-23967 was published for sm-crypto (npm) Jan 21, 2026
XlabAITeam Credited to XlabAITeam, A7um, tl2cents, and keenanwgn A7um A7um
tl2cents tl2cents keenanwgn keenanwgn
IBM ApplinX 11.1 is vulnerable due to a privilege escalation vulnerability due to improper... High Unreviewed
CVE-2025-36418 was published Jan 20, 2026
There is a vulnerability in the Supermicro BMC firmware validation logic at Supermicro MBD-X13SEM... High Unreviewed
CVE-2025-12007 was published Jan 16, 2026
There is a vulnerability in the Supermicro BMC firmware validation logic at Supermicro MBD-X12STW... High Unreviewed
CVE-2025-12006 was published Jan 16, 2026
Hono JWK Auth Middleware has JWT algorithm confusion when JWK lacks "alg" (untrusted header.alg fallback) High
CVE-2026-22818 was published for hono (npm) Jan 13, 2026
calloc134 Credited to calloc134 and devanshbatham devanshbatham devanshbatham
Hono JWT Middleware's JWT Algorithm Confusion via Unsafe Default (HS256) Allows Token Forgery and Auth Bypass High
CVE-2026-22817 was published for hono (npm) Jan 13, 2026
calloc134 Credited to calloc134 and devanshbatham devanshbatham devanshbatham
Improper verification of cryptographic signature in Windows Admin Center allows an authorized... High Unreviewed
CVE-2026-20965 was published Jan 13, 2026
Improper verification of cryptographic signatures in the patch management component of Ivanti... High Unreviewed
CVE-2025-13662 was published Dec 9, 2025
auth0/node-jws Improperly Verifies HMAC Signature High
CVE-2025-65945 was published for jws (npm) Dec 4, 2025
Sideni Credited to Sideni
GoSign Desktop versions 2.4.0 and earlier use an unsigned update manifest for distributing... High Unreviewed
CVE-2025-34324 was published Nov 18, 2025
Improper verification of cryptographic signature in the installer for Zoom Workplace VDI Client... High Unreviewed
CVE-2025-64740 was published Nov 13, 2025
Evervault Go SDK: Incomplete PCR Validation in Enclave Attestation for non-Evervault hosted Enclaves High
CVE-2025-64186 was published for github.com/evervault/evervault-go (Go) Nov 12, 2025
JoranHonig Credited to JoranHonig
In JetBrains ReSharper before 2025.2.4 missing signature verification in DPA Collector allows... High Unreviewed
CVE-2025-64456 was published Nov 10, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database