GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 91
GitHub Actions: 54
Go: 4,194
Maven: 5,000+
npm: 5,000+
NuGet: 1,021
pip: 5,000+
Pub: 13
RubyGems: 1,102
Rust: 1,422
Swift: 61
Unreviewed advisories
All unreviewed: 5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
48 advisories
SimpleHelp versions 5.5.15 and prior and 6.0 pre-release versions contain an authentication...
Critical
Unreviewed
CVE-2026-48558 was published Jun 12, 2026
Cloud Foundry UAA incorrectly treated XML encryption to the Service Provider (confidentiality) as...
Critical
Unreviewed
CVE-2026-41005 was published Jun 11, 2026
A lack of cryptographic signature verification in the validateAccessToken function of bookcars v8...
Critical
Unreviewed
CVE-2026-36721 was published Jun 9, 2026
SAP NetWeaver Application Server ABAP and ABAP Platform allows an authenticated attacker with...
Critical
Unreviewed
CVE-2026-44748 was published Jun 9, 2026
An issue was discovered in Mbed TLS 3.5.x and 3.6.x through 3.6.5 and TF-PSA-Crypto 1.0. There is...
Critical
Unreviewed
CVE-2026-34872 was published Apr 1, 2026
A condition in ScreenConnect may allow an actor with access to server-level cryptographic...
Critical
Unreviewed
CVE-2026-3564 was published Mar 17, 2026
Crypt::Sodium::XS module versions prior to 0.000042, for Perl, include a vulnerable version of...
Critical
Unreviewed
CVE-2025-15444 was published Jan 6, 2026
Ever Gauzy v0.281.9 contains a JWT authentication vulnerability that allows attackers to exploit...
Critical
Unreviewed
CVE-2023-53951 was published Dec 19, 2025
An improper verification of cryptographic signature vulnerability in Fortinet FortiWeb 8.0.0,...
Critical
Unreviewed
CVE-2025-59719 was published Dec 9, 2025
An improper verification of cryptographic signature vulnerability in Fortinet FortiOS 7.6.0...
Critical
Unreviewed
CVE-2025-59718 was published Dec 9, 2025
XML-Sig versions 0.27 through 0.67 for Perl incorrectly validates XML files if signatures are...
Critical
Unreviewed
CVE-2025-40934 was published Nov 27, 2025
The OAuth Single Sign On – SSO (OAuth Client) plugin for WordPress is vulnerable to Improper...
Critical
Unreviewed
CVE-2025-9485 was published Oct 4, 2025
An improper verification of cryptographic signature in Zscaler's SAML authentication mechanism on...
Critical
Unreviewed
CVE-2025-54982 was published Aug 5, 2025
It was discovered that uscan, a tool to scan/watch upstream sources for new releases of software,...
Critical
Unreviewed
CVE-2025-8454 was published Aug 1, 2025
Quest KACE Systems Management Appliance (SMA) 13.0.x before 13.0.385, 13.1.x before 13.1.81, 13.2...
Critical
Unreviewed
CVE-2025-32977 was published Jun 26, 2025
Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923...
Critical
Unreviewed
CVE-2025-27670 was published Mar 5, 2025
Improper verification of the digital signature in ksojscore.dll in Kingsoft WPS Office in...
Critical
Unreviewed
CVE-2024-11957 was published Mar 4, 2025
An improper verification of cryptographic signature vulnerability in plugin management in iota C...
Critical
Unreviewed
CVE-2024-52958 was published Nov 27, 2024
The firmware upgrade function in the admin web interface of the Rittal IoT Interface & CMC III...
Critical
Unreviewed
CVE-2024-47943 was published Oct 15, 2024
An improper verification of cryptographic signature vulnerability was identified in GitHub...
Critical
Unreviewed
CVE-2024-9487 was published Oct 11, 2024
An XML signature wrapping vulnerability was present in GitHub Enterprise Server (GHES) when...
Critical
Unreviewed
CVE-2024-6800 was published Aug 20, 2024
Improper verification of cryptographic signature issue exists in "FreeFrom - the nostr client"...
Critical
Unreviewed
CVE-2024-36277 was published Jun 17, 2024
There is a possible escalation of privilege due to improperly used crypto. This could lead to...
Critical
Unreviewed
CVE-2024-32911 was published Jun 13, 2024
Vulnerability of package name verification being bypassed in the HwIms module.
Impact: Successful...
Critical
Unreviewed
CVE-2023-52538 was published Apr 8, 2024
In the CryptX module before 0.062 for Perl, gcm_decrypt_verify() and...
Critical
Unreviewed
CVE-2018-25099 was published Mar 18, 2024
ProTip! Advisories are also available from the GraphQL API