GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
600 advisories

Microsoft Security Advisory CVE-2026-40372 – ASP.NET Core Elevation of Privilege
High • CVE-2026-40372 was published for Microsoft.AspNetCore.DataProtection (NuGet) • Apr 23, 2026

nimiq-transaction: UpdateValidator transactions allows voting key change without proof-of-knowledge
Moderate • CVE-2026-34068 was published for nimiq-transaction (Rust) • Apr 22, 2026

The Payment Gateway for Redsys & WooCommerce Lite plugin for WordPress is vulnerable to Improper...
High • Unreviewed • CVE-2026-5050 was published • Apr 16, 2026

A vulnerability has been identified in SINEC NMS (All versions < V4.0 SP3 with UMC). The affected...
Moderate • Unreviewed • CVE-2026-24032 was published • Apr 14, 2026

An improper verification of cryptographic signature vulnerability exists in Cortex XSOAR and...
High • Unreviewed • CVE-2026-0234 was published • Apr 13, 2026

wolfSSL's ECCSI signature verifier `wc_VerifyEccsiHash` decodes the `r` and `s` scalars from the...
High • Unreviewed • CVE-2026-5466 was published • Apr 10, 2026

bsv-sdk and bsv-wallet persist unverified certifier signatures in acquire_certificate (direct and issuance paths)
High • CVE-2026-40070 was published for bsv-sdk (RubyGems) • Apr 9, 2026

lightrag-hku: JWT Algorithm Confusion Vulnerability
Moderate • CVE-2026-39413 was published for lightrag-hku (pip) • Apr 8, 2026

OpenClaw: Forged Nostr DMs could create pairing state before signature verification
Moderate • CVE-2026-41301 was published for openclaw (npm) • Apr 7, 2026

A flaw was found in rust-rpm-sequoia. An attacker can exploit this vulnerability by providing a...
Moderate • Unreviewed • CVE-2026-2625 was published • Apr 3, 2026

StableLib Ed25519 Signature Malleability via Missing S < L Check
Moderate • GHSA-x3ff-w252-2g7j was published for @stablelib/ed25519 (npm) • Apr 1, 2026

An issue was discovered in Mbed TLS 3.5.x and 3.6.x through 3.6.5 and TF-PSA-Crypto 1.0. There is...
Critical • Unreviewed • CVE-2026-34872 was published • Apr 1, 2026

openssl-encrypt's unverified key bundle from_dict() + to_identity() path allows encryption to attacker keys
Moderate • GHSA-8h88-gxp3-j7pg was published for openssl-encrypt (pip) • Apr 1, 2026

jose vulnerable to untrusted JWK header key acceptance during signature verification
High • CVE-2026-34240 was published for jose (Pub) • Mar 31, 2026

Zebra has a Consensus Failure due to Improper Verification of V5 Transactions
High • CVE-2026-34377 was published for zebra-consensus (Rust) • Mar 30, 2026

nginx-ui Backup Restore Allows Tampering with Encrypted Backups
Critical • CVE-2026-33026 was published for github.com/0xJacky/Nginx-UI (Go) • Mar 30, 2026

Duplicate Advisory: OpenClaw: Feishu webhook mode accepted forged events when only `verificationToken` was configured
High • GHSA-vjqw-w5jr-g9w5 was published for openclaw (npm) • Mar 29, 2026 • withdrawn

Forge has signature forgery in Ed25519 due to missing S > L check
High • CVE-2026-33895 was published for node-forge (npm) • Mar 26, 2026

Forge has signature forgery in RSA-PKCS due to ASN.1 extra field
High • CVE-2026-33894 was published for node-forge (npm) • Mar 26, 2026

libcrux has an Incorrect Check of Signer Response Norm During Verification
High • GHSA-cp57-fq8g-qh6v was published for libcrux-ml-dsa (Rust) • Mar 26, 2026

A downgrade issue affecting Intel-based Mac computers was addressed with additional code-signing...
Moderate • Unreviewed • CVE-2026-20699 was published • Mar 25, 2026

jsrsasign: DSA signatures or X.509 certificates can be forged via DSA domain-parameter validation in KJUR.crypto.DSA.setPublic
High • CVE-2026-4600 was published for jsrsasign (npm) • Mar 23, 2026

Unsigned SAML LogoutRequest Acceptance in gosaml2
High • GHSA-pcgw-qcv5-h8ch was published for github.com/russellhaering/gosaml2 (Go) • Mar 18, 2026

validateSignature Loop Variable Capture Signature Bypass in goxmldsig
High • CVE-2026-33487 was published for github.com/russellhaering/goxmldsig (Go) • Mar 18, 2026

A condition in ScreenConnect may allow an actor with access to server-level cryptographic...
Critical • Unreviewed • CVE-2026-3564 was published • Mar 17, 2026