Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
40
GitHub Actions
38
Go
2,850
Maven
5,000+
npm
4,485
NuGet
779
pip
4,238
Pub
12
RubyGems
975
Rust
1,093
Swift
48
Unreviewed advisories
All unreviewed
5,000+

545 advisories

Loading
Fleet has a JWT signature bypass vulnerability in Azure AD MDM enrollment Critical
CVE-2026-23518 was published for github.com/fleetdm/fleet (Go) Jan 20, 2026
prateek-0490
Credited to prateek-0490
Jervis Has a JWT Algorithm Confusion Vulnerability Moderate
CVE-2025-68925 was published for net.gleske:jervis (Maven) Jan 13, 2026
go-tuf improperly validates the configured threshold for delegations Moderate
CVE-2026-23992 was published for github.com/theupdateframework/go-tuf (Go) Jan 21, 2026
1seal kommendorkapten
rdimitrov
Credited to 1seal, kommendorkapten, and rdimitrov
sm-crypto Affected by Signature Forgery in SM2-DSA High
CVE-2026-23965 was published for sm-crypto (npm) Jan 21, 2026
XlabAITeam
Credited to XlabAITeam
sm-crypto Affected by Signature Malleability in SM2-DSA High
CVE-2026-23967 was published for sm-crypto (npm) Jan 21, 2026
XlabAITeam
Credited to XlabAITeam
IBM ApplinX 11.1 is vulnerable due to a privilege escalation vulnerability due to improper... High Unreviewed
CVE-2025-36418 was published Jan 20, 2026
Improper verification of intent by broadcast receiver in System UI for Galaxy Watch prior to SMR... Moderate Unreviewed
CVE-2025-21004 was published Jul 8, 2025
A potential security vulnerability has been identified in the HP Linux Imaging and Printing... Moderate Unreviewed
CVE-2025-43023 was published Jul 28, 2025
There is a vulnerability in the Supermicro BMC firmware validation logic at Supermicro MBD-X12STW... High Unreviewed
CVE-2025-12006 was published Jan 16, 2026
There is a vulnerability in the Supermicro BMC firmware validation logic at Supermicro MBD-X13SEM... High Unreviewed
CVE-2025-12007 was published Jan 16, 2026
A vulnerability exists in Rockwell Automation FactoryTalk® Service Platform that allows a... Critical Unreviewed
CVE-2024-21917 was published Jan 31, 2024
Hono JWK Auth Middleware has JWT algorithm confusion when JWK lacks "alg" (untrusted header.alg fallback) High
CVE-2026-22818 was published for hono (npm) Jan 13, 2026
calloc134 devanshbatham
Credited to calloc134 and devanshbatham
Hono JWT Middleware's JWT Algorithm Confusion via Unsafe Default (HS256) Allows Token Forgery and Auth Bypass High
CVE-2026-22817 was published for hono (npm) Jan 13, 2026
calloc134 devanshbatham
Credited to calloc134 and devanshbatham
Improper verification of cryptographic signature in Windows Admin Center allows an authorized... High Unreviewed
CVE-2026-20965 was published Jan 13, 2026
In GnuPG through 2.4.8, if a signed message has \f at the end of a plaintext line, an adversary... Moderate Unreviewed
CVE-2025-68972 was published Dec 28, 2025
AEADs/aes-gcm: Plaintext exposed in decrypt_in_place_detached even on tag verification failure Moderate
CVE-2023-42811 was published for aes-gcm (Rust) Sep 22, 2023
nandita-v
Credited to nandita-v
GoSign Desktop versions 2.4.0 and earlier use an unsigned update manifest for distributing... High Unreviewed
CVE-2025-34324 was published Nov 18, 2025
coreos-installer improperly verifies GPG signature when decompressing gzipped artifact High
CVE-2021-20319 was published for coreos-installer (Rust) Oct 12, 2021
raballew bgilbert
Credited to raballew and bgilbert
ALTCHA Proof-of-Work Vulnerable to Challenge Splicing and Replay Moderate
CVE-2025-68113 was published for altcha (RubyGems) Dec 16, 2025
eternal-flame-AD
Credited to eternal-flame-AD
Ever Gauzy v0.281.9 contains a JWT authentication vulnerability that allows attackers to exploit... Critical Unreviewed
CVE-2023-53951 was published Dec 19, 2025
An issue was discovered in Foxit PDF and Editor for Windows and macOS before 13.2 and 2025 before... Moderate Unreviewed
CVE-2025-55311 was published Dec 11, 2025
A downgrade issue affecting Intel-based Mac computers was addressed with additional code-signing... Low Unreviewed
CVE-2025-43522 was published Dec 12, 2025
A downgrade issue affecting Intel-based Mac computers was addressed with additional code-signing... Moderate Unreviewed
CVE-2025-43521 was published Dec 12, 2025
A downgrade issue affecting Intel-based Mac computers was addressed with additional code-signing... High Unreviewed
CVE-2025-43468 was published Nov 4, 2025
A downgrade issue affecting Intel-based Mac computers was addressed with additional code-signing... Moderate Unreviewed
CVE-2025-43390 was published Nov 4, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database