GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 86
GitHub Actions: 54
Go: 4,169
Maven: 5,000+
npm: 5,000+
NuGet: 1,019
pip: 5,000+
Pub: 13
RubyGems: 1,102
Rust: 1,421
Swift: 61

Unreviewed advisories
All unreviewed: 5,000+
148 advisories

Improper Validation of Integrity Check Value vulnerability in Sharp Display Solutions projectors...
Critical | Unreviewed | CVE-2025-11543 was published | Dec 22, 2025

go-git improperly verifies data integrity values for .idx and .pack files
Moderate | CVE-2026-25934 was published for github.com/go-git/go-git/v5 (Go) | Feb 10, 2026

rPGP's integrity protection of encrypted data was not always checked
Moderate | GHSA-c7ph-f7jm-xv4w was published for pgp (Rust) | Feb 13, 2026

Improper Digest Verification in httpsig-hyper May Allow Message Integrity Bypass
High | CVE-2026-26275 was published for httpsig-hyper (Rust) | Feb 17, 2026

Striae has a hash validation utility vulnerability
High | CVE-2026-31839 was published for @striae-org/striae (npm) | Mar 11, 2026

xmlseclibs: Missing AES-GCM Authentication Tag Validation on Encrypted Nodes Allows for Unauthorized Decryption
High | CVE-2026-32313 was published for robrichards/xmlseclibs (Composer) | Mar 13, 2026

simplesamlphp/xml-security: Missing AES-GCM Authentication Tag Validation on Encrypted Nodes Allows for Unauthorized Decryption
High | CVE-2026-32600 was published for simplesamlphp/xml-security (Composer) | Mar 13, 2026

Authlib: Fail-Open Cryptographic Verification in OIDC Hash Binding
High | CVE-2026-28498 was published for authlib (pip) | Mar 16, 2026

Incus does not verify combined fingerprint when downloading images from simplestreams servers
High | CVE-2026-33542 was published for github.com/lxc/incus/v6/client (Go) | Mar 27, 2026

nginx-ui Backup Restore Allows Tampering with Encrypted Backups
Critical | CVE-2026-33026 was published for github.com/0xJacky/Nginx-UI (Go) | Mar 30, 2026

SzafirHost downloads necessary files in the context of the initiating web page. When called,...
High | Unreviewed | CVE-2026-26928 was published | Apr 2, 2026

A padding oracle exists in wolfSSL's PKCS7 CBC decryption that could allow an attacker to recover...
Moderate | Unreviewed | CVE-2026-5504 was published | Apr 10, 2026

In wolfSSL's EVP layer, the ChaCha20-Poly1305 AEAD decryption path in wolfSSL_EVP_CipherFinal ...
High | Unreviewed | CVE-2026-5479 was published | Apr 10, 2026

SP1 V6 Recursion Circuit Row-Count Binding Gap
High | CVE-2026-40323 was published for sp1_prover (Rust) | Apr 14, 2026

Zebra's Transparent SIGHASH_SINGLE Handling Diverges from zcashd for Corresponding Outputs
Critical | GHSA-cwfq-rfcr-8hmp was published for zebrad (Rust) | May 7, 2026

Zebra v4.4.0 still accepts V5 SIGHASH_SINGLE without a corresponding output
Critical | GHSA-pvmv-cwg8-v6c8 was published for zebra-script (Rust) | May 8, 2026

Amazon SageMaker Python SDK is missing integrity verification in its Triton inference handler
Moderate | CVE-2026-8597 was published for sagemaker (pip) | May 21, 2026

Issue Summary: Cryptographic Message Services (CMS) processing fails to perform sufficient input...
Critical | Unreviewed | CVE-2026-34182 was published | Jun 9, 2026

Issue Summary: The PKCS#12 file processing fails to perform sufficient input validation for files...
High | Unreviewed | CVE-2026-34181 was published | Jun 9, 2026

A security issue exists within 1769 CompactLogix controllers due to the missing validation of...
High | Unreviewed | CVE-2025-11694 was published | Jun 16, 2026

Improper Validation of Integrity Check Value vulnerability in Apache APISIX. The jwe-decrypt...
Moderate | Unreviewed | CVE-2026-49230 was published | Jun 19, 2026

wc_Blake2bHmacFinal and wc_Blake2sHmacFinal discard the message when the key length exceeds the...
Moderate | Unreviewed | CVE-2026-8720 was published | Jun 26, 2026

pnpm Has an Integrity Check Bypass via Missing Lockfile Integrity Field
Moderate | CVE-2026-50021 was published for pnpm (npm) | Jun 26, 2026

ProTip! Advisories are also available from the GraphQL API.