GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
202 advisories
Philips Hue Bridge hk_hap Ed25519 Signature Verification Authentication Bypass Vulnerability....
Moderate | Unreviewed | CVE-2026-3562 was published Mar 16, 2026
Improper verification of cryptographic signature in Font Settings prior to SMR Mar-2026 Release 1...
Moderate | Unreviewed | CVE-2026-20989 was published Mar 16, 2026
HCL AION is affected by a vulnerability where offering images are not digitally signed. Lack of...
Moderate | Unreviewed | CVE-2025-52648 was published Mar 16, 2026
SEPPmail Secure Email Gateway before version 15.0.1 does not properly communicate PGP signature...
Moderate | Unreviewed | CVE-2026-2746 was published Mar 4, 2026
SEPPmail Secure Email Gateway before version 15.0.1 does not properly verify that a PGP signature...
Moderate | Unreviewed | CVE-2026-27445 was published Mar 4, 2026
A vulnerability was found in Dataease SQLBot up to 1.5.1. This impacts the function...
Moderate | Unreviewed | CVE-2025-15598 was published Mar 3, 2026
The system suffers from the absence of a kernel module signature verification. If an attacker can...
Moderate | Unreviewed | CVE-2025-32060 was published Feb 15, 2026
ML-DSA Signature Verification Accepts Signatures with Repeated Hint Indices
Moderate | CVE-2026-24850 was published for ml-dsa (Rust) Jan 28, 2026
Issue summary: The 'openssl dgst' command-line tool silently truncates input data to 16MB when...
Moderate | Unreviewed | CVE-2025-15469 was published Jan 27, 2026
go-tuf improperly validates the configured threshold for delegations
Moderate | CVE-2026-23992 was published for github.com/theupdateframework/go-tuf/v2 (Go) Jan 21, 2026
Jervis Has a JWT Algorithm Confusion Vulnerability
Moderate | CVE-2025-68925 was published for net.gleske:jervis (Maven) Jan 13, 2026
In GnuPG through 2.4.8, if a signed message has \f at the end of a plaintext line, an adversary...
Moderate | Unreviewed | CVE-2025-68972 was published Dec 28, 2025
ALTCHA Proof-of-Work Vulnerable to Challenge Splicing and Replay
Moderate | CVE-2025-68113 was published for altcha (RubyGems) Dec 16, 2025
A downgrade issue affecting Intel-based Mac computers was addressed with additional code-signing...
Moderate | Unreviewed | CVE-2025-43521 was published Dec 12, 2025
An issue was discovered in Foxit PDF and Editor for Windows and macOS before 13.2 and 2025 before...
Moderate | Unreviewed | CVE-2025-55311 was published Dec 11, 2025
Foxit PDF Editor and Reader before 2025.2.1 allow signature spoofing via triggers. An attacker...
Moderate | Unreviewed | CVE-2025-59803 was published Dec 11, 2025
Babylon's BIP322 signature implementation is not fully compliant to the spec
Moderate | GHSA-xq4h-wqm2-668w was published for github.com/babylonlabs-io/babylon/v4 (Go) Nov 24, 2025
A downgrade issue affecting Intel-based Mac computers was addressed with additional code-signing...
Moderate | Unreviewed | CVE-2025-43390 was published Nov 4, 2025
Cryptographic validation of upgrade images could be circumvented by dropping a specifically...
Moderate | Unreviewed | CVE-2025-54549 was published Oct 30, 2025
Contrast has insecure LUKS2 persistent storage partitions may be opened and used
Moderate | GHSA-f5p4-p5q5-jv3h was published for github.com/edgelesssys/contrast (Go) Oct 28, 2025
A weakness has been identified in D-Link DAP-2695 2.00RC13. The affected element is the function...
Moderate | Unreviewed | CVE-2025-12295 was published Oct 27, 2025
gnark-crypto doesn't range check input values during ECDSA and EdDSA signature deserialization
Moderate | CVE-2023-44273 was published for github.com/consensys/gnark-crypto (Go) Oct 15, 2025
There is a vulnerability in the Supermicro BMC firmware validation logic at Supermicro MBD-X13SEM...
Moderate | Unreviewed | CVE-2025-6198 was published Sep 19, 2025
There is a vulnerability in the Supermicro BMC firmware validation logic at Supermicro MBD-X12STW...
Moderate | Unreviewed | CVE-2025-7937 was published Sep 19, 2025
A vulnerability in the installation process of Cisco IOS XR Software could allow an authenticated...
Moderate | Unreviewed | CVE-2025-20248 was published Sep 10, 2025