GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
91
GitHub Actions
54
Go
4,194
Maven
5,000+
npm
5,000+
NuGet
1,021
pip
5,000+
Pub
13
RubyGems
1,102
Rust
1,422
Swift
61
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
48 advisories
Filter by severity
SimpleHelp versions 5.5.15 and prior and 6.0 pre-release versions contain an authentication...
Critical
Unreviewed
CVE-2026-48558
was published
Jun 12, 2026
Cloud Foundry UAA incorrectly treated XML encryption to the Service Provider (confidentiality) as...
Critical
Unreviewed
CVE-2026-41005
was published
Jun 11, 2026
A lack of cryptographic signature verification in the validateAccessToken function of bookcars v8...
Critical
Unreviewed
CVE-2026-36721
was published
Jun 9, 2026
An improper verification of cryptographic signature vulnerability in Fortinet FortiWeb 8.0.0,...
Critical
Unreviewed
CVE-2025-59719
was published
Dec 9, 2025
A improper verification of cryptographic signature vulnerability in Fortinet FortiOS 7.6.0...
Critical
Unreviewed
CVE-2025-59718
was published
Dec 9, 2025
SAP NetWeaver Application Server ABAP and ABAP Platform allows an authenticated attacker with...
Critical
Unreviewed
CVE-2026-44748
was published
Jun 9, 2026
An issue was discovered in Mbed TLS 3.5.x and 3.6.x through 3.6.5 and TF-PSA-Crypto 1.0. There is...
Critical
Unreviewed
CVE-2026-34872
was published
Apr 1, 2026
A condition in ScreenConnect may allow an actor with access to server-level cryptographic...
Critical
Unreviewed
CVE-2026-3564
was published
Mar 17, 2026
Crypt::Sodium::XS module versions prior to 0.000042, for Perl, include a vulnerable version of...
Critical
Unreviewed
CVE-2025-15444
was published
Jan 6, 2026
A improper verification of cryptographic signature vulnerability in plugin management in iota C...
Critical
Unreviewed
CVE-2024-52958
was published
Nov 27, 2024
A vulnerability exists in Rockwell Automation FactoryTalk® Service Platform that allows a...
Critical
Unreviewed
CVE-2024-21917
was published
Jan 31, 2024
Ever Gauzy v0.281.9 contains a JWT authentication vulnerability that allows attackers to exploit...
Critical
Unreviewed
CVE-2023-53951
was published
Dec 19, 2025
XML-Sig versions 0.27 through 0.67 for Perl incorrectly validates XML files if signatures are...
Critical
Unreviewed
CVE-2025-40934
was published
Nov 27, 2025
The firmware upgrade function in the admin web interface of the Rittal IoT Interface & CMC III...
Critical
Unreviewed
CVE-2024-47943
was published
Oct 15, 2024
Quest KACE Systems Management Appliance (SMA) 13.0.x before 13.0.385, 13.1.x before 13.1.81, 13.2...
Critical
Unreviewed
CVE-2025-32977
was published
Jun 26, 2025
An Improper Verification of Cryptographic Signature vulnerability in the update process of...
Critical
Unreviewed
CVE-2023-5347
was published
Jan 9, 2024
The OAuth Single Sign On – SSO (OAuth Client) plugin for WordPress is vulnerable to Improper...
Critical
Unreviewed
CVE-2025-9485
was published
Oct 4, 2025
An improper verification of cryptographic signature in Zscaler's SAML authentication mechanism on...
Critical
Unreviewed
CVE-2025-54982
was published
Aug 5, 2025
It was discovered that uscan, a tool to scan/watch upstream sources for new releases of software,...
Critical
Unreviewed
CVE-2025-8454
was published
Aug 1, 2025
The cryptographic code signing process and controls on ConnectWise Control through 22.9.10032 ...
Critical
Unreviewed
CVE-2023-25718
was published
Feb 13, 2023
Western Digital My Cloud devices before OS5 do not use cryptographically signed Firmware upgrade...
Critical
Unreviewed
CVE-2021-36226
was published
Feb 6, 2023
Vulnerability of package name verification being bypassed in the HwIms module.
Impact: Successful...
Critical
Unreviewed
CVE-2023-52538
was published
Apr 8, 2024
In the CryptX module before 0.062 for Perl, gcm_decrypt_verify() and...
Critical
Unreviewed
CVE-2018-25099
was published
Mar 18, 2024
Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923...
Critical
Unreviewed
CVE-2025-27670
was published
Mar 5, 2025
Improper verification of the digital signature in ksojscore.dll in Kingsoft WPS Office in...
Critical
Unreviewed
CVE-2024-11957
was published
Mar 4, 2025
ProTip!
Advisories are also available from the
GraphQL API