GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
49 advisories
Authlib JWS JWK Header Injection: Signature Verification Bypass
Critical
CVE-2026-27962
was published
for
authlib
(pip)
Mar 16, 2026
SM9 Infinity-Point Ciphertext Forgery Vulnerability
Critical
CVE-2026-32614
was published
for
github.com/emmansun/gmsm
(Go)
Mar 13, 2026
pac4j-jwt: JwtAuthenticator Authentication Bypass via JWE-Wrapped PlainJWT
Critical
CVE-2026-29000
was published
for
org.pac4j:pac4j-jwt
(Maven)
Mar 5, 2026
Fleet has a JWT signature bypass vulnerability in Azure AD MDM enrollment
Critical
CVE-2026-23518
was published
for
github.com/fleetdm/fleet
(Go)
Jan 20, 2026
Ruby-saml allows a Libxml2 Canonicalization error to bypass Digest/Signature validation
Critical
CVE-2025-66568
was published
for
ruby-saml
(RubyGems)
Dec 8, 2025
Ruby-saml has a SAML authentication bypass due to namespace handling (parser differential)
Critical
CVE-2025-66567
was published
for
ruby-saml
(RubyGems)
Dec 8, 2025
Node-SAML SAML Signature Verification Vulnerability
Critical
CVE-2025-54419
was published
for
@node-saml/node-saml
(npm)
Jul 28, 2025
Node-SAML SAML Authentication Bypass
Critical
CVE-2025-54369
was published
for
@node-saml/node-saml
(npm)
Jul 25, 2025
rfc3161-client has insufficient verification for timestamp response signatures
Critical
CVE-2025-52556
was published
for
rfc3161-client
(pip)
Jun 20, 2025
samlify SAML Signature Wrapping attack
Critical
CVE-2025-47949
was published
for
samlify
(npm)
May 19, 2025
xml-crypto Vulnerable to XML Signature Verification Bypass via DigestValue Comment
Critical
CVE-2025-29775
was published
for
xml-crypto
(npm)
Mar 14, 2025
xml-crypto Vulnerable to XML Signature Verification Bypass via Multiple SignedInfo References
Critical
CVE-2025-29774
was published
for
xml-crypto
(npm)
Mar 14, 2025
Ruby SAML allows a SAML authentication bypass due to namespace handling (parser differential)
Critical
CVE-2025-25292
was published
for
ruby-saml
(RubyGems)
Mar 12, 2025
Ruby SAML allows a SAML authentication bypass due to DOCTYPE handling (parser differential)
Critical
CVE-2025-25291
was published
for
ruby-saml
(RubyGems)
Mar 12, 2025
LTI JupyterHub Authenticator does not properly validate JWT Signature
Critical
CVE-2023-25574
was published
for
jupyterhub-ltiauthenticator
(pip)
Feb 25, 2025
SSOReady has an XML Signature Bypass via differential XML parsing
Critical
CVE-2024-47832
was published
for
github.com/ssoready/ssoready
(Go)
Oct 11, 2024
omniauth-saml vulnerable to Improper Verification of Cryptographic Signature
Critical
GHSA-cvp8-5r8g-fhvq
was published
for
omniauth-saml
(RubyGems)
Sep 11, 2024
SAML authentication bypass via Incorrect XPath selector
Critical
CVE-2024-45409
was published
for
ruby-saml
(RubyGems)
Sep 10, 2024
ProTip!
Advisories are also available from the
GraphQL API