Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
42
GitHub Actions
43
Go
3,164
Maven
5,000+
npm
5,000+
NuGet
863
pip
4,458
Pub
12
RubyGems
991
Rust
1,184
Swift
50
Unreviewed advisories
All unreviewed
5,000+

25 advisories

Loading
Keycloak REST Services has a WebAuthn Attestation Statement Verification Bypass Low
CVE-2025-12150 was published for org.keycloak:keycloak-services (Maven) Feb 27, 2026
ENS DNSSEC Oracle Vulnerable to RSA Signature Forgery via Missing PKCS#1 v1.5 Padding Validation Low
CVE-2026-22866 was published for @ensdomains/ens-contracts (npm) Feb 25, 2026
Juju has broken CMR authorization Low
CVE-2026-1237 was published for github.com/juju/juju (Go) Jan 29, 2026
Keycloak's missing timestamp validation allows attackers to extend SAML response validity periods Low
CVE-2026-1190 was published for org.keycloak:keycloak-services (Maven) Jan 26, 2026
A downgrade issue affecting Intel-based Mac computers was addressed with additional code-signing... Low Unreviewed
CVE-2025-43522 was published Dec 12, 2025
Acrobat Reader versions 24.001.30264, 20.005.30793, 25.001.20982, 24.001.30273, 20.005.30803 and... Low Unreviewed
CVE-2025-64786 was published Dec 9, 2025
Acrobat Reader versions 24.001.30264, 20.005.30793, 25.001.20982, 24.001.30273, 20.005.30803 and... Low Unreviewed
CVE-2025-64787 was published Dec 9, 2025
Duplicate Advisory: CIRCL-Fourq: Missing and wrong validation can lead to incorrect results Low
GHSA-522r-9946-fw43 was published for github.com/cloudflare/circl (Go) Aug 6, 2025 withdrawn
CIRCL-Fourq: Missing and wrong validation can lead to incorrect results Low
CVE-2025-8556 was published for github.com/cloudflare/circl (Go) Jun 10, 2025
Improper Verification of Cryptographic Signature vulnerability in LibreOffice allows PDF... Low Unreviewed
CVE-2025-2866 was published Apr 27, 2025
AWS Cloud Development Kit (AWS CDK) IAM OIDC custom resource allows connection to unauthorized OIDC provider Low
CVE-2025-23206 was published for aws-cdk-lib (npm) Jan 17, 2025
mfulton26 Credited to mfulton26
Bad documentation of error handling in ParseWithClaims can lead to potentially dangerous situations Low
CVE-2024-51744 was published for github.com/golang-jwt/jwt/v4 (Go) Nov 4, 2024
yuligesec Credited to yuligesec
Valid ECDSA signatures erroneously rejected in Elliptic Low
CVE-2024-48948 was published for elliptic (npm) Oct 15, 2024
martincostello Credited to martincostello, IchordeDionysos, and tal-sealsecurity IchordeDionysos IchordeDionysos
tal-sealsecurity tal-sealsecurity
Elliptic's verify function omits uniqueness validation Low
CVE-2024-48949 was published for elliptic (npm) Oct 10, 2024
Markus-MS Credited to Markus-MS
druid-pac4j, Apache Druid extension, has Padding Oracle vulnerability Low
CVE-2024-45384 was published for org.apache.druid.extensions:druid-pac4j (Maven) Sep 17, 2024
Elliptic allows BER-encoded signatures Low
CVE-2024-42461 was published for elliptic (npm) Aug 2, 2024
BlazingWizard Credited to BlazingWizard
Elliptic's EDDSA missing signature length check Low
CVE-2024-42459 was published for elliptic (npm) Aug 2, 2024
BlazingWizard Credited to BlazingWizard
The /n software IPWorks SSH library SFTPServer component can be induced to make unintended... Low Unreviewed
CVE-2024-6580 was published Jul 8, 2024
Keycloak vulnerable to impersonation via logout token exchange Low
CVE-2023-0657 was published for org.keycloak:keycloak-services (Maven) Apr 17, 2024
Microsoft Edge (Chromium-based) Spoofing Vulnerability Low Unreviewed
CVE-2024-21383 was published Jan 26, 2024
An issue has been discovered in GitLab CE/EE affecting all versions from 12.2 prior to 16.5.6, 16... Low Unreviewed
CVE-2023-2030 was published Jan 12, 2024
Incorrect signature verification in django-ses Low
CVE-2023-33185 was published for django-ses (pip) May 22, 2023
josephsurin Credited to josephsurin
Acrobat Reader DC for macOS versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier)... Low Unreviewed
CVE-2020-24439 was published May 24, 2022
A spoofing vulnerability exists when Windows incorrectly validates file signatures, aka 'Windows... Low Unreviewed
CVE-2020-1464 was published May 24, 2022
IBM Cognos Analytics 11 Configuration tool, under certain circumstances, will bypass OIDC... Low Unreviewed
CVE-2018-1842 was published May 13, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database