Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,963
Erlang
39
GitHub Actions
38
Go
2,615
Maven
5,000+
npm
4,255
NuGet
760
pip
4,036
Pub
12
RubyGems
953
Rust
1,049
Swift
45
Unreviewed advisories
All unreviewed
5,000+

507 advisories

Loading
Cryptographic validation of upgrade images could be circumventing by dropping a specifically... Moderate Unreviewed
CVE-2025-54549 was published Oct 30, 2025
Contrast has insecure LUKS2 persistent storage partitions may be opened and used Moderate
GHSA-f5p4-p5q5-jv3h was published for github.com/edgelesssys/contrast (Go) Oct 28, 2025
katexochen tjade273
Credited to katexochen and tjade273
Constellation has insecure LUKS2 persistent storage partitions which may be opened and used High
CVE-2025-58356 was published for github.com/edgelesssys/constellation/v2 (Go) Oct 27, 2025
tjade273 daniel-weisse
msanft katexochen
Credited to tjade273, daniel-weisse, msanft, and katexochen
Deck Mate 1 executes firmware directly from an external EEPROM without verifying authenticity or... High Unreviewed
CVE-2025-34503 was published Oct 25, 2025
Playwright downloads and installs browsers without verifying the authenticity of the SSL certificate High
CVE-2025-59288 was published for playwright (npm) Oct 14, 2025
JLLeitschuh
Credited to JLLeitschuh
CIRCL-Fourq: Missing and wrong validation can lead to incorrect results Low
CVE-2025-8556 was published for github.com/cloudflare/circl (Go) Jun 10, 2025
The WinVerifyTrust function in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows... High Unreviewed
CVE-2013-3900 was published May 3, 2022
In IGEL OS before 11, Secure Boot can be bypassed because the igel-flash-driver module improperly... High Unreviewed
CVE-2025-47827 was published Jun 5, 2025
A spoofing vulnerability exists when Windows incorrectly validates file signatures, aka 'Windows... Low Unreviewed
CVE-2020-1464 was published May 24, 2022
When Security Assertion Markup Language (SAML) authentication is enabled and the 'Validate... High Unreviewed
CVE-2020-2021 was published May 24, 2022
gnark-crypto doesn't range check input values during ECDSA and EdDSA signature deserialization Moderate
GHSA-fr8m-434r-g3xp was published for github.com/consensys/gnark-crypto (Go) Oct 15, 2025
An Improper Verification of Cryptographic Signature vulnerability [CWE-347] in FortiClient MacOS... High Unreviewed
CVE-2025-46774 was published Oct 14, 2025
An Improper Verification of Cryptographic Signature vulnerability in the update process of... Critical Unreviewed
CVE-2023-5347 was published Jan 9, 2024
The OAuth Single Sign On – SSO (OAuth Client) plugin for WordPress is vulnerable to Improper... Critical Unreviewed
CVE-2025-9485 was published Oct 4, 2025
E3 Site Supervisor Control (firmware version < 2.31F01) firmware upgrade packages are unsigned.... High Unreviewed
CVE-2025-52550 was published Oct 1, 2025
The /n software IPWorks SSH library SFTPServer component can be induced to make unintended... Low Unreviewed
CVE-2024-6580 was published Jul 8, 2024
There is a vulnerability in the Supermicro BMC firmware validation logic at Supermicro MBD-X12STW... Moderate Unreviewed
CVE-2025-7937 was published Sep 19, 2025
There is a vulnerability in the Supermicro BMC firmware validation logic at Supermicro MBD-X13SEM... Moderate Unreviewed
CVE-2025-6198 was published Sep 19, 2025
Ruby SAML allows a SAML authentication bypass due to namespace handling (parser differential) Critical
CVE-2025-25292 was published for ruby-saml (RubyGems) Mar 12, 2025
p-
Credited to p-
Ruby SAML allows a SAML authentication bypass due to DOCTYPE handling (parser differential) Critical
CVE-2025-25291 was published for ruby-saml (RubyGems) Mar 12, 2025
ahacker1-securesaml
Credited to ahacker1-securesaml
gnark is vulnerable to signature malleability in EdDSA and ECDSA due to missing scalar checks High
CVE-2025-57801 was published for github.com/consensys/gnark (Go) Aug 22, 2025
sunyxedu A7um
XlabAITeam zL1nX
Credited to sunyxedu, A7um, XlabAITeam, and zL1nX
In Bouncy Castle JCE Provider it is possible to inject extra elements in the sequence making up the signature and still have it validate High
CVE-2016-1000338 was published for org.bouncycastle:bcprov-jdk14 (Maven) Oct 17, 2018
AndrzejBiernacki2010 SunBK201
Credited to AndrzejBiernacki2010 and SunBK201
A vulnerability in the installation process of Cisco IOS XR Software could allow an authenticated... Moderate Unreviewed
CVE-2025-20248 was published Sep 10, 2025
An improper verification of cryptographic signature vulnerability was identified in GitHub... Moderate Unreviewed
CVE-2025-23369 was published Jan 21, 2025
In Bouncy Castle JCE Provider ECDSA does not fully validate ASN.1 encoding of signature on verification High
CVE-2016-1000342 was published for org.bouncycastle:bcprov-jdk14 (Maven) Oct 17, 2018
AndrzejBiernacki2010
Credited to AndrzejBiernacki2010
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database