GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
106 advisories
motionEye: LFI → pass‑the‑hash admin → unsafe restore → unauth action exec (RCE)
Critical
GHSA-qxvg-h7q2-hcxh
was published
for
motioneye
(pip)
Jun 23, 2026
LTI JupyterHub Authenticator does not properly validate JWT Signature
Critical
CVE-2023-25574
was published
for
jupyterhub-ltiauthenticator
(pip)
Feb 25, 2025
Security feature bypass vulnerability in Azure Key Vault Keys library for Java
Critical
CVE-2026-33117
was published
for
com.azure:azure-security-keyvault-keys
(Maven)
May 12, 2026
Coder: PKCS#7 signature bypass in Azure instance identity allows unauthenticated agent token theft
Critical
CVE-2026-46354
was published
for
github.com/coder/coder
(Go)
May 19, 2026
Zebra has Consensus Divergence in Transparent Sighash Hash-Type Handling due to Stale Buffer
Critical
CVE-2026-44497
was published
for
zebra-script
(Rust)
May 7, 2026
Netmaker does not verify JWT signatures for host tokens
Critical
CVE-2026-38651
was published
for
github.com/gravitl/netmaker
(Go)
Apr 28, 2026
Microsoft Security Advisory CVE-2026-40372 – ASP.NET Core Elevation of Privilege
Critical
CVE-2026-40372
was published
for
Microsoft.AspNetCore.DataProtection
(NuGet)
Apr 23, 2026
nginx-ui Backup Restore Allows Tampering with Encrypted Backups
Critical
CVE-2026-33026
was published
for
github.com/0xJacky/Nginx-UI
(Go)
Mar 30, 2026
Fleet has a JWT signature bypass vulnerability in Azure AD MDM enrollment
Critical
CVE-2026-23518
was published
for
github.com/fleetdm/fleet
(Go)
Jan 20, 2026
Authlib JWS JWK Header Injection: Signature Verification Bypass
Critical
CVE-2026-27962
was published
for
authlib
(pip)
Mar 16, 2026
SM9 Infinity-Point Ciphertext Forgery Vulnerability
Critical
CVE-2026-32614
was published
for
github.com/emmansun/gmsm
(Go)
Mar 13, 2026
pac4j-jwt: JwtAuthenticator Authentication Bypass via JWE-Wrapped PlainJWT
Critical
CVE-2026-29000
was published
for
org.pac4j:pac4j-jwt
(Maven)
Mar 5, 2026
ProTip!
Advisories are also available from the
GraphQL API