GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
605 advisories
Dell PowerFlex Manager, version(s) <=4.6.2, contain(s) a Use of a Broken or Risky Cryptographic...
Moderate | Unreviewed | CVE-2025-46371 was published May 26, 2026

Netatalk 1.5.0 through 4.2.2 uses a broken cryptographic algorithm in the DHCAST128 UAM, which...
High | Unreviewed | CVE-2026-44053 was published May 21, 2026

HAXcms: Private Key Disclosure via Broken HMAC Implementation
Critical | CVE-2026-46395 was published for @haxtheweb/haxcms-nodejs (npm) May 19, 2026

Sulu: Weak Cryptographical usage for API Key generation and Reset Tokens
Moderate | CVE-2026-45701 was published for sulu/sulu (Composer) May 18, 2026

A flaw has been found in opensourcepos Open Source Point of Sale up to 3.4.2. Impacted is the...
Moderate | Unreviewed | CVE-2026-8803 was published May 18, 2026

Insecure generation of credentials in the local SAT (Technical Support) access functionality of...
Critical | Unreviewed | CVE-2026-8072 was published May 12, 2026

This vulnerability, in the MAXHUB Pivot client application versions prior to v1.36.2, may allow...
High | Unreviewed | CVE-2026-6411 was published May 8, 2026

Paramiko rsakey.py allows the SHA-1 algorithm
Low | CVE-2026-44405 was published for paramiko (pip) May 6, 2026

Langchain-Chatchat Uses a Broken or Risky Cryptographic Algorithm
Low | CVE-2026-7845 was published for langchain-chatchat (pip) May 5, 2026

A vulnerability was determined in code-projects Chat System 1.0. Affected is an unknown function...
Moderate | Unreviewed | CVE-2026-7103 was published Apr 27, 2026

IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container...
Moderate | Unreviewed | CVE-2026-5926 was published Apr 23, 2026

Gitea has insecure default SSH settings
Moderate | GHSA-3m6q-h5gj-7mrw was published for code.gitea.io/gitea (Go) Apr 22, 2026

SD-330AC and AMC Manager provided by silex technology, Inc. contain an issue with a use of a...
High | Unreviewed | CVE-2026-32959 was published Apr 20, 2026

Use of a Broken or Risky Cryptographic Algorithm vulnerability in Legion of the Bouncy Castle Inc...
Critical | Unreviewed | CVE-2025-14813 was published Apr 17, 2026

Flowise: Weak Default JWT Secrets
Moderate | GHSA-cc4f-hjpj-g9p8 was published for flowise (npm) Apr 16, 2026

Bouncy Castle Crypto Package For Java: Use of a Broken or Risky Cryptographic Algorithm vulnerability in bcpkix modules
Moderate | CVE-2026-5588 was published for org.bouncycastle:bcpkix-debug-jdk14 (Maven) Apr 15, 2026

Apache Tomcat: Configured cipher preference order not preserved
High | CVE-2026-29129 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) Apr 9, 2026

LiteLLM: Password hash exposure and pass-the-hash authentication bypass
High | GHSA-69x8-hrgq-fjj8 was published for litellm (pip) Apr 8, 2026

The Semtech LR11xx LoRa transceivers implement secure boot functionality using digital signatures...
High | Unreviewed | CVE-2025-14859 was published Apr 7, 2026

fast-jwt: Incomplete fix for CVE-2023-48223: JWT Algorithm Confusion via Whitespace-Prefixed RSA Public Key
Critical | CVE-2026-34950 was published for fast-jwt (npm) Apr 2, 2026

IBM Aspera Shares 1.9.9 through 1.11.0 uses weaker than expected cryptographic algorithms that...
Moderate | Unreviewed | CVE-2025-13916 was published Apr 1, 2026

Ubiquiti UniFi Network Controller prior to 5.10.12 (excluding 5.6.42), UAP FW prior to 4.0.6, UAP...
High | Unreviewed | CVE-2019-25651 was published Mar 28, 2026

AVideo has an unauthenticated decrypt oracle leaking any ciphertext
High | CVE-2026-33512 was published for wwbn/avideo (Composer) Mar 20, 2026

MinIO has JWT Algorithm Confusion in OIDC Authentication
Critical | CVE-2026-33322 was published for github.com/minio/minio (Go) Mar 19, 2026

Use of a broken or risky cryptographic algorithm in Smart Switch prior to version 3.7.69.15...
High | Unreviewed | CVE-2026-20996 was published Mar 16, 2026