GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
16 advisories
Improper Verification of Cryptographic Signature in PySAML2
High | CVE-2020-5390 was published for pysaml2 (pip) | May 6, 2020

Multiple cryptographic issues in Python oic
High | CVE-2020-26244 was published for oic (pip) | Dec 4, 2020

Improper Verification of Cryptographic Signature in fastecdsa
High | CVE-2020-12607 was published for fastecdsa (pip) | Oct 12, 2021

Signature verification vulnerability in Stark Bank ecdsa libraries
High | GHSA-9wx7-jrvc-28mm was published for com.starkbank:ecdsa-java (Maven) | Nov 8, 2021

SaltStack Improper Verification of Cryptographic Signature
High | CVE-2022-22934 was published for salt (pip) | Mar 30, 2022

Matrix Synapse Improper Signature Validation
High | CVE-2018-16515 was published for matrix-synapse (pip) | May 13, 2022

SimpleGeo python-oauth2 does not check the nonce allowing replay attacks
High | CVE-2013-4346 was published for oauth2 (pip) | May 17, 2022

Improper Verification of Cryptographic Signature in matrix-synapse
High | CVE-2019-18835 was published for matrix-synapse (pip) | May 24, 2022

Gentoo Portage missing PGP validation of executed code
High | CVE-2016-20021 was published for portage (pip) | Jan 12, 2024

Authlib has algorithm confusion with asymmetric public keys
High | CVE-2024-37568 was published for authlib (pip) | Jun 9, 2024

Hyperledger Indy's update process of a DID does not check who signs the request
High | CVE-2020-11093 was published for indy-node (pip) | Aug 30, 2024

Home Assistant does not correctly validate SSL for outgoing requests in core and used libs
High | CVE-2025-25305 was published for homeassistant (pip) | Feb 18, 2025

Authlib: Setting `alg: none` and a blank signature appears to bypass signature verification
High | CVE-2026-28802 was published for authlib (pip) | Mar 4, 2026

PyJWT: Public-key JWK accepted as HMAC secret enables forged HS256 tokens when mixed families are allowed
High | CVE-2026-48526 was published for pyjwt (pip) | Jun 15, 2026

PraisonAI LinearBot processes unsigned webhooks when LINEAR_WEBHOOK_SECRET is missing
High | GHSA-fc26-m9pf-v56q was published for praisonai (pip) | Jun 18, 2026

PraisonAI: Webhook signature verification skipped (fail-open) when secret unset, allowing forged inbound webhooks (WhatsApp & Linear bots)
High | GHSA-x92v-rpx6-p6cw was published for praisonai (pip) | Jun 18, 2026

ProTip! Advisories are also available from the GraphQL API.