GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

12 advisories

dcap-qvl has Missing Verification for QE Identity (Critical)
CVE-2026-22696 was published for @phala/dcap-qvl (npm) on Jan 26, 2026

Node-SAML SAML Signature Verification Vulnerability (Critical)
CVE-2025-54419 was published for @node-saml/node-saml (npm) on Jul 28, 2025
Credited to ahacker1-securesaml and cjbarth

Node-SAML SAML Authentication Bypass (Critical)
CVE-2025-54369 was published for @node-saml/node-saml (npm) on Jul 25, 2025
Credited to ahacker1-securesaml and cjbarth

samlify SAML Signature Wrapping attack (Critical)
CVE-2025-47949 was published for samlify (npm) on May 19, 2025
Credited to ahacker1-securesaml

Passport-wsfed-saml2 allows SAML Authentication Bypass via Signature Wrapping (Critical)
CVE-2025-46572 was published for passport-wsfed-saml2 (npm) on May 6, 2025

xml-crypto Vulnerable to XML Signature Verification Bypass via DigestValue Comment (Critical)
CVE-2025-29775 was published for xml-crypto (npm) on Mar 14, 2025
Credited to ahacker1-securesaml, marktran, mattgd, blairworkos, mthadley, nickcollisson-workos, and latacora-paul

xml-crypto Vulnerable to XML Signature Verification Bypass via Multiple SignedInfo References (Critical)
CVE-2025-29774 was published for xml-crypto (npm) on Mar 14, 2025
Credited to mattgd, blairworkos, mthadley, nickcollisson-workos, latacora-paul, ahacker1-securesaml, and marktran

Improper Verification of Cryptographic Signature in starkbank-ecdsa (Critical)
CVE-2021-43571 was published for starkbank-ecdsa (npm) on Nov 10, 2021

Improper Verification of Cryptographic Signature (Critical)
CVE-2021-32685 was published for tenvoy (npm) on Jun 28, 2021

Duplicate Advisory: Improper Verification of Cryptographic Signature (Critical)
GHSA-5w25-hxp5-h8c9 was published for tenvoy (npm) on Jun 21, 2021 (withdrawn)

RSA signature validation vulnerability on malleable encoded message in jsrsasign (Critical)
CVE-2021-30246 was published for jsrsasign (npm) on Apr 16, 2021