GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 86
GitHub Actions: 54
Go: 4,169
Maven: 5,000+
npm: 5,000+
NuGet: 1,019
pip: 5,000+
Pub: 13
RubyGems: 1,102
Rust: 1,421
Swift: 61
Unreviewed advisories
All unreviewed: 5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
184 advisories
A flaw was found in Keycloak. This JWT algorithm confusion vulnerability in the JWT Authorization...
High
Unreviewed
CVE-2026-11800 was published Jun 26, 2026
wolfSSL_PKCS7_verify() returning success for a degenerate (certs-only) PKCS#7 object that...
High
Unreviewed
CVE-2026-55961 was published Jun 25, 2026
ATEN Unizon doCryptoHugeFileToFile Improper Verification of Cryptographic Signature Remote Code...
High
Unreviewed
CVE-2026-9779 was published Jun 25, 2026
The UpdraftPlus: WP Backup & Migration Plugin plugin for WordPress is vulnerable to...
High
Unreviewed
CVE-2026-10795 was published Jun 11, 2026
The Web-based Management allows a remote low privileged Engineer user to install additional APPs...
High
Unreviewed
CVE-2025-41669 was published May 27, 2026
Improper verification of cryptographic signature in the Radeon RGB tool could allow a malicious...
High
Unreviewed
CVE-2024-36334 was published May 15, 2026
An authentication bypass vulnerability in Palo Alto Networks PAN-OS® software enables an...
High
Unreviewed
CVE-2026-0265 was published May 13, 2026
A malicious module proxy can exploit a flaw in the go command's validation of module checksums to...
High
Unreviewed
CVE-2026-42501 was published May 7, 2026
The Payment Gateway for Redsys & WooCommerce Lite plugin for WordPress is vulnerable to Improper...
High
Unreviewed
CVE-2026-5050 was published Apr 16, 2026
An improper verification of cryptographic signature vulnerability exists in Cortex XSOAR and...
High
Unreviewed
CVE-2026-0234 was published Apr 13, 2026
wolfSSL's ECCSI signature verifier `wc_VerifyEccsiHash` decodes the `r` and `s` scalars from the...
High
Unreviewed
CVE-2026-5466 was published Apr 10, 2026
A high-privileged remote attacker can fully compromise the device by abusing an update signature...
High
Unreviewed
CVE-2025-41767 was published Mar 9, 2026
SAP NetWeaver Application Server ABAP and ABAP Platform allows an authenticated attacker with...
High
Unreviewed
CVE-2026-23687 was published Feb 10, 2026
Improper Verification of Cryptographic Signature vulnerability in Drupal Drupal Commerce Paybox...
High
Unreviewed
CVE-2026-0750 was published Jan 28, 2026
IBM ApplinX 11.1 is vulnerable due to a privilege escalation vulnerability due to improper...
High
Unreviewed
CVE-2025-36418 was published Jan 20, 2026
There is a vulnerability in the Supermicro BMC firmware validation logic at Supermicro MBD-X12STW...
High
Unreviewed
CVE-2025-12006 was published Jan 16, 2026
There is a vulnerability in the Supermicro BMC firmware validation logic at Supermicro MBD-X13SEM...
High
Unreviewed
CVE-2025-12007 was published Jan 16, 2026
Improper verification of cryptographic signature in Windows Admin Center allows an authorized...
High
Unreviewed
CVE-2026-20965 was published Jan 13, 2026
Improper verification of cryptographic signatures in the patch management component of Ivanti...
High
Unreviewed
CVE-2025-13662 was published Dec 9, 2025
GoSign Desktop versions 2.4.0 and earlier use an unsigned update manifest for distributing...
High
Unreviewed
CVE-2025-34324 was published Nov 18, 2025
Improper verification of cryptographic signature in the installer for Zoom Workplace VDI Client...
High
Unreviewed
CVE-2025-64740 was published Nov 13, 2025
In JetBrains ReSharper before 2025.2.4 missing signature verification in DPA Collector allows...
High
Unreviewed
CVE-2025-64456 was published Nov 10, 2025
Improper authentication in the API authentication middleware of HCL DevOps Loop allows...
High
Unreviewed
CVE-2025-55278 was published Nov 6, 2025
A downgrade issue affecting Intel-based Mac computers was addressed with additional code-signing...
High
Unreviewed
CVE-2025-43468 was published Nov 4, 2025
Deck Mate 1 executes firmware directly from an external EEPROM without verifying authenticity or...
High
Unreviewed
CVE-2025-34503 was published Oct 25, 2025
ProTip! Advisories are also available from the GraphQL API.