GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
212 advisories
nimiq-transaction: UpdateValidator transactions allows voting key change without proof-of-knowledge
Moderate | CVE-2026-34068 was published for nimiq-transaction (Rust) | Apr 22, 2026

A vulnerability has been identified in SINEC NMS (All versions < V4.0 SP3 with UMC). The affected...
Moderate | Unreviewed | CVE-2026-24032 was published | Apr 14, 2026

lightrag-hku: JWT Algorithm Confusion Vulnerability
Moderate | CVE-2026-39413 was published for lightrag-hku (pip) | Apr 8, 2026

OpenClaw: Forged Nostr DMs could create pairing state before signature verification
Moderate | CVE-2026-41301 was published for openclaw (npm) | Apr 7, 2026

A flaw was found in rust-rpm-sequoia. An attacker can exploit this vulnerability by providing a...
Moderate | Unreviewed | CVE-2026-2625 was published | Apr 3, 2026

StableLib Ed25519 Signature Malleability via Missing S < L Check
Moderate | GHSA-x3ff-w252-2g7j was published for @stablelib/ed25519 (npm) | Apr 1, 2026

openssl-encrypt's unverified key bundle from_dict() + to_identity() path allows encryption to attacker keys
Moderate | GHSA-8h88-gxp3-j7pg was published for openssl-encrypt (pip) | Apr 1, 2026

A downgrade issue affecting Intel-based Mac computers was addressed with additional code-signing...
Moderate | Unreviewed | CVE-2026-20699 was published | Mar 25, 2026

Philips Hue Bridge hk_hap Ed25519 Signature Verification Authentication Bypass Vulnerability....
Moderate | Unreviewed | CVE-2026-3562 was published | Mar 16, 2026

Improper verification of cryptographic signature in Galaxy Store prior to version 4.6.03.8 allows...
Moderate | Unreviewed | CVE-2026-21002 was published | Mar 16, 2026

Improper verification of cryptographic signature in Font Settings prior to SMR Mar-2026 Release 1...
Moderate | Unreviewed | CVE-2026-20989 was published | Mar 16, 2026

Improper verification of cryptographic signature in Smart Switch prior to version 3.7.69.15...
Moderate | Unreviewed | CVE-2026-20997 was published | Mar 16, 2026

HCL AION is affected by a vulnerability where offering images are not digitally signed. Lack of...
Moderate | Unreviewed | CVE-2025-52648 was published | Mar 16, 2026

SEPPmail Secure Email Gateway before version 15.0.1 does not properly verify that a PGP signature...
Moderate | Unreviewed | CVE-2026-27445 was published | Mar 4, 2026

SEPPmail Secure Email Gateway before version 15.0.1 does not properly communicate PGP signature...
Moderate | Unreviewed | CVE-2026-2746 was published | Mar 4, 2026

A vulnerability was found in Dataease SQLBot up to 1.5.1. This impacts the function...
Moderate | Unreviewed | CVE-2025-15598 was published | Mar 3, 2026

The system suffers from the absence of a kernel module signature verification. If an attacker can...
Moderate | Unreviewed | CVE-2025-32060 was published | Feb 15, 2026

ML-DSA Signature Verification Accepts Signatures with Repeated Hint Indices
Moderate | CVE-2026-24850 was published for ml-dsa (Rust) | Jan 28, 2026

Issue summary: The 'openssl dgst' command-line tool silently truncates input data to 16MB when...
Moderate | Unreviewed | CVE-2025-15469 was published | Jan 27, 2026

go-tuf improperly validates the configured threshold for delegations
Moderate | CVE-2026-23992 was published for github.com/theupdateframework/go-tuf/v2 (Go) | Jan 21, 2026

Jervis Has a JWT Algorithm Confusion Vulnerability
Moderate | CVE-2025-68925 was published for net.gleske:jervis (Maven) | Jan 13, 2026

In GnuPG through 2.4.8, if a signed message has \f at the end of a plaintext line, an adversary...
Moderate | Unreviewed | CVE-2025-68972 was published | Dec 28, 2025

ALTCHA Proof-of-Work Vulnerable to Challenge Splicing and Replay
Moderate | CVE-2025-68113 was published for altcha (RubyGems) | Dec 16, 2025

A downgrade issue affecting Intel-based Mac computers was addressed with additional code-signing...
Moderate | Unreviewed | CVE-2025-43521 was published | Dec 12, 2025

Foxit PDF Editor and Reader before 2025.2.1 allow signature spoofing via triggers. An attacker...
Moderate | Unreviewed | CVE-2025-59803 was published | Dec 11, 2025