Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,855
Erlang
36
GitHub Actions
36
Go
2,481
Maven
5,000+
npm
4,102
NuGet
734
pip
3,916
Pub
12
RubyGems
945
Rust
1,017
Swift
39
Unreviewed advisories
All unreviewed
5,000+

494 advisories

Loading
A vulnerability in the interprocess communication (IPC) channel of Cisco Secure Client for... High Unreviewed
CVE-2025-20206 was published Mar 5, 2025
Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923... Critical Unreviewed
CVE-2025-27670 was published Mar 5, 2025
VMware Tools contains a SAML token signature bypass vulnerability. A malicious actor that has... High Unreviewed
CVE-2023-34058 was published Oct 27, 2023
Samsung SmartThings Improper Verification of Cryptographic Signature Authentication Bypass... High Unreviewed
CVE-2025-2233 was published Mar 12, 2025
Microsoft Security Advisory CVE-2025-24043 | WinDbg Remote Code Execution Vulnerability High
CVE-2025-24043 was published for dotnet-debugger-extensions (NuGet) Mar 7, 2025
hoyosjs
A vulnerability in the boot process of Cisco IOS XR Software could allow an authenticated, local... Moderate Unreviewed
CVE-2025-20143 was published Mar 12, 2025
An issue was discovered in filestash v0.4. The usage of the ssh.InsecureIgnoreHostKey() disables... Moderate Unreviewed
CVE-2024-41258 was published Jul 31, 2024
Ed25519 Signature Malleability in ed25519-java Due to Missing Scalar Range Check Moderate
CVE-2020-36843 was published for net.i2p.crypto:eddsa (Maven) Mar 13, 2025
Malayke
In the CryptX module before 0.062 for Perl, gcm_decrypt_verify() and... Critical Unreviewed
CVE-2018-25099 was published Mar 18, 2024
druid-pac4j, Apache Druid extension, has Padding Oracle vulnerability Low
CVE-2024-45384 was published for org.apache.druid.extensions:druid-pac4j (Maven) Sep 17, 2024
xml-crypto Vulnerable to XML Signature Verification Bypass via Multiple SignedInfo References Critical
CVE-2025-29774 was published for xml-crypto (npm) Mar 14, 2025
mattgd blairworkos
mthadley nickcollisson-workos latacora-paul ahacker1-securesaml marktran
xml-crypto Vulnerable to XML Signature Verification Bypass via DigestValue Comment Critical
CVE-2025-29775 was published for xml-crypto (npm) Mar 14, 2025
ahacker1-securesaml marktran
mattgd blairworkos mthadley nickcollisson-workos latacora-paul
The firmware upgrade function in the admin web interface of the Rittal IoT Interface & CMC III... Critical Unreviewed
CVE-2024-47943 was published Oct 15, 2024
Ruby SAML allows a SAML authentication bypass due to DOCTYPE handling (parser differential) Critical
CVE-2025-25291 was published for ruby-saml (RubyGems) Mar 12, 2025
ahacker1-securesaml
Ruby SAML allows a SAML authentication bypass due to namespace handling (parser differential) Critical
CVE-2025-25292 was published for ruby-saml (RubyGems) Mar 12, 2025
p-
Vulnerability of package name verification being bypassed in the HwIms module. Impact: Successful... Critical Unreviewed
CVE-2023-52538 was published Apr 8, 2024
Western Digital My Cloud devices before OS5 do not use cryptographically signed Firmware upgrade... Critical Unreviewed
CVE-2021-36226 was published Feb 6, 2023
Signature forgery in Spring Boot's Loader High
CVE-2024-38807 was published for org.springframework.boot:spring-boot-loader (Maven) Aug 23, 2024
The OpenSAML C++ library before 3.3.1 allows forging of signed SAML messages via parameter... Moderate Unreviewed
CVE-2025-31335 was published Mar 28, 2025
MinIO performs incomplete signature validation for unsigned-trailer uploads High
CVE-2025-31489 was published for github.com/minio/minio (Go) Apr 4, 2025
owainkenwayucl AndEsterson
harshavardhana
MSI Center before 2.0.52.0 has Missing PE Signature Validation. High Unreviewed
CVE-2025-27813 was published Apr 10, 2025
A vulnerability in the web-based management interface of Cisco Secure Network Analytics could... Moderate Unreviewed
CVE-2025-20178 was published Apr 16, 2025
NSSCryptoSignBackend.cc in Poppler before 25.04.0 does not verify the adbe.pkcs7.sha1 signatures... Moderate Unreviewed
CVE-2025-43903 was published Apr 18, 2025
Improper verification of cryptographic signature vulnerability in Intel Security VirusScan... Moderate Unreviewed
CVE-2016-8021 was published May 17, 2022
The auto-update feature of Open Embedded Linux Entertainment Center (OpenELEC) 6.0.3, 7.0.1, and... High Unreviewed
CVE-2017-6445 was published May 13, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database