GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
630 advisories
kas's late signature validation may allow unnoticed repository manipulations
Severity: Low. CVE-2026-47192 was published for kas (pip) on Jun 4, 2026.

An issue was discovered in Django 6.0 before 6.0.6 and 5.2 before 5.2.15. `django.http...
Severity: Low (Unreviewed). CVE-2026-6873 was published on Jun 3, 2026.

kas checks out SHA-like git branches as valid commits
Severity: Low. CVE-2026-47191 was published for kas (pip) on Jun 1, 2026.

Symfony: Twilio SMS Notifier allows unauthenticated webhook injection due to missing X-Twilio-Signature verification
Severity: Moderate. CVE-2026-47212 was published for symfony/symfony (Composer) on May 29, 2026.

Symfony's Mailtrap Mailer Webhook Parser Never Verifies the X-Mt-Signature HMAC — Unauthenticated Webhook Event Injection
Severity: Moderate. CVE-2026-45755 was published for symfony/mailtrap-mailer (Composer) on May 28, 2026.

A flaw was found in Keycloak. When a JSON Web Encryption (JWE) encrypted request object is...
Severity: Moderate (Unreviewed). CVE-2026-9793 was published on May 28, 2026.

Northern.tech Mender Client 5 before 5.0.4 allows a Cryptographic signature verification bypass.
Severity: Moderate (Unreviewed). CVE-2025-67903 was published on May 27, 2026.

The Web-based Management allows a remote low privileged Engineer user to install additional APPs...
Severity: High (Unreviewed). CVE-2025-41669 was published on May 27, 2026.

Fedify has an LD-Signature Bypass via JSON-LD Named-Graph Restructuring
Severity: High. CVE-2026-42462 was published for @fedify/fedify (npm) on May 26, 2026.

Coder: PKCS#7 signature bypass in Azure instance identity allows unauthenticated agent token theft
Severity: Critical. CVE-2026-46354 was published for github.com/coder/coder (Go) on May 19, 2026.

libcrux-ml-dsa: Signature Verification on AVX2 Platforms Mishandles Edge Case
Severity: High. GHSA-fhvh-vw7h-9xf3 was published for libcrux-ml-dsa (Rust) on May 19, 2026.

Improper Verification of Cryptographic Signature in com.oviva.telematik:epa4all-client
Severity: High. CVE-2026-45575 was published for com.oviva.telematik:epa4all-client (Maven) on May 15, 2026.

Improper verification of cryptographic signature in the Radeon RGB tool could allow a malicious...
Severity: High (Unreviewed). CVE-2024-36334 was published on May 15, 2026.

An authentication bypass vulnerability in Palo Alto Networks PAN-OS® software enables an...
Severity: High (Unreviewed). CVE-2026-0265 was published on May 13, 2026.

OpenLearnX: Critical Authentication Bypass via JWT Signature Verification Disabled Leading to Account Takeover
Severity: Moderate. CVE-2026-44720 was published for openlearnx (npm) on May 13, 2026.

Security feature bypass vulnerability in Azure Key Vault Keys library for Java
Severity: Critical. CVE-2026-33117 was published for com.azure:azure-security-keyvault-keys (Maven) on May 12, 2026.

gitsign verify accepts signatures over go-git-normalized bytes, enabling trust confusion on malformed commits
Severity: Moderate. CVE-2026-44309 was published for github.com/sigstore/gitsign (Go) on May 8, 2026.

bitcoinj has a ScriptExecution P2PKH/P2WPKH Verification Bypass
Severity: High. CVE-2026-44714 was published for org.bitcoinj:bitcoinj-core (Maven) on May 8, 2026.

A malicious module proxy can exploit a flaw in the go command's validation of module checksums to...
Severity: High (Unreviewed). CVE-2026-42501 was published on May 7, 2026.

Zebra has Consensus Divergence in Transparent Sighash Hash-Type Handling due to Stale Buffer
Severity: Critical. CVE-2026-44497 was published for zebra-script (Rust) on May 7, 2026.

axonflow-sdk-java: Webhook signing-key (HMAC-SHA256) not exposed by SDK type, preventing signature verification
Severity: Moderate. GHSA-248h-974q-xrc2 was published for com.getaxonflow:axonflow-sdk (Maven) on May 6, 2026.

axonflow-sdk-typescript: Webhook signing-key (HMAC-SHA256) not exposed by SDK type, preventing signature verification
Severity: Moderate. GHSA-mph8-9v29-pm42 was published for @axonflow/sdk (npm) on May 6, 2026.

axonflow-sdk-go: Webhook signing-key (HMAC-SHA256) not exposed by SDK type, preventing signature verification
Severity: Moderate. GHSA-mhc4-qq83-fmrr was published for github.com/getaxonflow/axonflow-sdk-go/v5 (Go) on May 6, 2026.

axonflow-sdk-python: Webhook signing-key (HMAC-SHA256) not exposed by SDK type, preventing signature verification
Severity: Moderate. GHSA-7f4h-6264-89fr was published for axonflow (pip) on May 6, 2026.

opentelemetry-collector-contrib's azureauthextension Authenticate method does not validate bearer tokens, allowing auth bypass via replay
Severity: High. CVE-2026-42602 was published for github.com/open-telemetry/opentelemetry-collector-contrib/extension/azureauthextension (Go) on May 6, 2026.