GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
555 advisories
SAP NetWeaver Application Server ABAP and ABAP Platform allows an authenticated attacker with...
High
Unreviewed
CVE-2026-23687
was published
Feb 10, 2026
Keycloak affected by improper invitation token validation
High
CVE-2026-1529
was published
for
org.keycloak:keycloak-services
(Maven)
Feb 9, 2026
Blocklist Bypass possible via ECDSA Signature Malleability
High
CVE-2026-25793
was published
for
github.com/slackhq/nebula
(Go)
Feb 6, 2026
Juju has broken CMR authorization
Low
CVE-2026-1237
was published
for
github.com/juju/juju
(Go)
Jan 29, 2026
Improper Verification of Cryptographic Signature vulnerability in Drupal Drupal Commerce Paybox...
High
Unreviewed
CVE-2026-0750
was published
Jan 28, 2026
ML-DSA Signature Verification Accepts Signatures with Repeated Hint Indices
Moderate
CVE-2026-24850
was published
for
ml-dsa
(Rust)
Jan 28, 2026
Issue summary: The 'openssl dgst' command-line tool silently truncates input data to 16MB when...
Moderate
Unreviewed
CVE-2025-15469
was published
Jan 27, 2026
Keycloak's missing timestamp validation allows attackers to extend SAML response validity periods
Low
CVE-2026-1190
was published
for
org.keycloak:keycloak-services
(Maven)
Jan 26, 2026
dcap-qvl has Missing Verification for QE Identity
Critical
CVE-2026-22696
was published
for
@phala/dcap-qvl
(npm)
Jan 26, 2026
go-tuf improperly validates the configured threshold for delegations
Moderate
CVE-2026-23992
was published
for
github.com/theupdateframework/go-tuf/v2
(Go)
Jan 21, 2026
sm-crypto Affected by Signature Forgery in SM2-DSA
High
CVE-2026-23965
was published
for
sm-crypto
(npm)
Jan 21, 2026
sm-crypto Affected by Signature Malleability in SM2-DSA
High
CVE-2026-23967
was published
for
sm-crypto
(npm)
Jan 21, 2026
Fleet has a JWT signature bypass vulnerability in Azure AD MDM enrollment
Critical
CVE-2026-23518
was published
for
github.com/fleetdm/fleet
(Go)
Jan 20, 2026
IBM ApplinX 11.1 is vulnerable due to a privilege escalation vulnerability due to improper...
High
Unreviewed
CVE-2025-36418
was published
Jan 20, 2026
There is a vulnerability in the Supermicro BMC firmware validation logic at Supermicro MBD-X13SEM...
High
Unreviewed
CVE-2025-12007
was published
Jan 16, 2026
There is a vulnerability in the Supermicro BMC firmware validation logic at Supermicro MBD-X12STW...
High
Unreviewed
CVE-2025-12006
was published
Jan 16, 2026
Hono JWK Auth Middleware has JWT algorithm confusion when JWK lacks "alg" (untrusted header.alg fallback)
High
CVE-2026-22818
was published
for
hono
(npm)
Jan 13, 2026
Hono JWT Middleware's JWT Algorithm Confusion via Unsafe Default (HS256) Allows Token Forgery and Auth Bypass
High
CVE-2026-22817
was published
for
hono
(npm)
Jan 13, 2026
Improper verification of cryptographic signature in Windows Admin Center allows an authorized...
High
Unreviewed
CVE-2026-20965
was published
Jan 13, 2026
Jervis Has a JWT Algorithm Confusion Vulnerability
Moderate
CVE-2025-68925
was published
for
net.gleske:jervis
(Maven)
Jan 13, 2026
In GnuPG through 2.4.8, if a signed message has \f at the end of a plaintext line, an adversary...
Moderate
Unreviewed
CVE-2025-68972
was published
Dec 28, 2025
Ever Gauzy v0.281.9 contains a JWT authentication vulnerability that allows attackers to exploit...
Critical
Unreviewed
CVE-2023-53951
was published
Dec 19, 2025
ALTCHA Proof-of-Work Vulnerable to Challenge Splicing and Replay
Moderate
CVE-2025-68113
was published
for
altcha
(RubyGems)
Dec 16, 2025
A downgrade issue affecting Intel-based Mac computers was addressed with additional code-signing...
Moderate
Unreviewed
CVE-2025-43521
was published
Dec 12, 2025
A downgrade issue affecting Intel-based Mac computers was addressed with additional code-signing...
Low
Unreviewed
CVE-2025-43522
was published
Dec 12, 2025