Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
44
GitHub Actions
45
Go
3,248
Maven
5,000+
npm
5,000+
NuGet
867
pip
4,513
Pub
12
RubyGems
997
Rust
1,189
Swift
51
Unreviewed advisories
All unreviewed
5,000+

133 advisories

Loading
Authlib: Fail-Open Cryptographic Verification in OIDC Hash Binding High
CVE-2026-28498 was published for authlib (pip) Mar 16, 2026
Pr00fOf3xpl0it Credited to Pr00fOf3xpl0it and Jaynornj Jaynornj Jaynornj
simplesamlphp/xml-security: Missing AES-GCM Authentication Tag Validation on Encrypted Nodes Allows for Unauthorized Decryption High
CVE-2026-32600 was published for simplesamlphp/xml-security (Composer) Mar 13, 2026
Sideni Credited to Sideni and tvdijen tvdijen tvdijen
xmlseclibs: Missing AES-GCM Authentication Tag Validation on Encrypted Nodes Allows for Unauthorized Decryption High
CVE-2026-32313 was published for robrichards/xmlseclibs (Composer) Mar 13, 2026
Sideni Credited to Sideni
Striae has a hash validation utility vulnerability High
CVE-2026-31839 was published for @striae-org/striae (npm) Mar 11, 2026
StephenJLu Credited to StephenJLu
Improper Digest Verification in httpsig-hyper May Allow Message Integrity Bypass High
CVE-2026-26275 was published for httpsig-hyper (Rust) Feb 17, 2026
divi255 Credited to divi255
rPGP's integrity protection of encrypted data was not always checked Moderate
GHSA-c7ph-f7jm-xv4w was published for pgp (Rust) Feb 13, 2026
go-git improperly verifies data integrity values for .idx and .pack files Moderate
CVE-2026-25934 was published for github.com/go-git/go-git/v5 (Go) Feb 10, 2026
N0zoM1z0 Credited to N0zoM1z0
Improper Validation of Integrity Check Value vulnerability in Sharp Display Solutions projectors... Critical Unreviewed
CVE-2025-11543 was published Dec 22, 2025
NVIDIA DGX Spark GB10 contains a vulnerability in SROOT firmware, where an attacker could cause... Moderate Unreviewed
CVE-2025-33193 was published Nov 25, 2025
An insufficient validation of an untrusted input vulnerability in Palo Alto Networks Prisma®... Low Unreviewed
CVE-2025-4616 was published Nov 14, 2025
Protobuf Maven Plugin protocDigest is ignored when using protoc from PATH Low
GHSA-j2pc-v64r-mv4f was published for io.github.ascopes:protobuf-maven-plugin (Maven) Nov 4, 2025
Marcono1234 Credited to Marcono1234
Netskope has identified a potential gap in its agent (Netskope Client) in which a malicious... High Unreviewed
CVE-2024-7402 was published Aug 14, 2025
JWE is missing AES-GCM authentication tag validation in encrypted JWE Critical
CVE-2025-54887 was published for jwe (RubyGems) Aug 7, 2025
Sideni Credited to Sideni
A vulnerability classified as critical was found in Comodo Internet Security Premium 12.3.4.8162.... High Unreviewed
CVE-2025-7096 was published Jul 7, 2025
electron ASAR Integrity bypass by just modifying the content High
CVE-2024-46992 was published for electron (npm) Jun 30, 2025
Just-Hack-For-Fun Credited to Just-Hack-For-Fun
A vulnerability exists in the IEC 61850 of the MicroSCADA X SYS600 product. An IEC 61850-8... High Unreviewed
CVE-2025-39203 was published Jun 24, 2025
An improper validation of integrity check value vulnerability exists in AVEVA PI Connector for... Moderate Unreviewed
CVE-2025-4418 was published Jun 12, 2025
The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is... Moderate Unreviewed
CVE-2025-3479 was published Apr 17, 2025
The Contact Form 7 plugin for WordPress is vulnerable to Order Replay in all versions up to, and... Moderate Unreviewed
CVE-2025-3247 was published Apr 16, 2025
This issue was addressed with improved handling of executable types. This issue is fixed in macOS... Critical Unreviewed
CVE-2025-24148 was published Apr 1, 2025
An improper validation of integrity check value vulnerability [CWE-354] in FortiNDR version 7.4.2... Moderate Unreviewed
CVE-2024-47573 was published Mar 14, 2025
Improper Validation of Integrity Check Value vulnerability in TXOne Networks StellarProtect ... Moderate Unreviewed
CVE-2024-47935 was published Feb 17, 2025
vLLM uses Python 3.12 built-in hash() which leads to predictable hash collisions in prefix cache Low
CVE-2025-25183 was published for vllm (pip) Feb 6, 2025
kexinoh Credited to kexinoh and russellb russellb russellb
A new feature to prevent Firmware downgrades was recently added to some Lexmark products. A... Critical Unreviewed
CVE-2023-50738 was published Jan 17, 2025
Lodestar snappy checksum issue Low
GHSA-m9c9-mc2h-9wjw was published for @lodestar/reqresp (npm) Jan 14, 2025
gln7 Credited to gln7
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database