GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
94 advisories
nginx-ui Backup Restore Allows Tampering with Encrypted Backups
Critical
CVE-2026-33026
was published
for
github.com/0xJacky/Nginx-UI
(Go)
Mar 30, 2026
Authlib JWS JWK Header Injection: Signature Verification Bypass
Critical
CVE-2026-27962
was published
for
authlib
(pip)
Mar 16, 2026
SM9 Infinity-Point Ciphertext Forgery Vulnerability
Critical
CVE-2026-32614
was published
for
github.com/emmansun/gmsm
(Go)
Mar 13, 2026
pac4j-jwt: JwtAuthenticator Authentication Bypass via JWE-Wrapped PlainJWT
Critical
CVE-2026-29000
was published
for
org.pac4j:pac4j-jwt
(Maven)
Mar 5, 2026
Fleet has a JWT signature bypass vulnerability in Azure AD MDM enrollment
Critical
CVE-2026-23518
was published
for
github.com/fleetdm/fleet
(Go)
Jan 20, 2026
Ruby-saml allows a Libxml2 Canonicalization error to bypass Digest/Signature validation
Critical
CVE-2025-66568
was published
for
ruby-saml
(RubyGems)
Dec 8, 2025
Ruby-saml has a SAML authentication bypass due to namespace handling (parser differential)
Critical
CVE-2025-66567
was published
for
ruby-saml
(RubyGems)
Dec 8, 2025
Node-SAML SAML Signature Verification Vulnerability
Critical
CVE-2025-54419
was published
for
@node-saml/node-saml
(npm)
Jul 28, 2025
Node-SAML SAML Authentication Bypass
Critical
CVE-2025-54369
was published
for
@node-saml/node-saml
(npm)
Jul 25, 2025
rfc3161-client has insufficient verification for timestamp response signatures
Critical
CVE-2025-52556
was published
for
rfc3161-client
(pip)
Jun 20, 2025
samlify SAML Signature Wrapping attack
Critical
CVE-2025-47949
was published
for
samlify
(npm)
May 19, 2025
ProTip!
Advisories are also available from the
GraphQL API