Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

41 advisories

Loading
ImageMagick before 7.1.2-22 contains an information disclosure vulnerability in the... Moderate Unreviewed
CVE-2026-56369 was published Jul 1, 2026
ImageMagick: Information Disclosure in PasskeyEncipherImage via AES-CTR nonce reuse Low
GHSA-qv2q-c278-pch5 was published for Magick.NET-Q16-AnyCPU (NuGet) May 21, 2026
007bsd Credited to 007bsd and LuiginoC LuiginoC LuiginoC
Astro: Server island encrypted parameters vulnerable to cross-component replay Low
CVE-2026-45028 was published for astro (npm) May 13, 2026
Popax21 Credited to Popax21
Bouncy Castle for Java GOST 28147 CTR mode reuses keystream after 255 blocks Critical
CVE-2025-14813 was published for org.bouncycastle:bcprov-debug-jdk14 (Maven) Apr 17, 2026
simon-reisinger-dynatrace Credited to simon-reisinger-dynatrace
Cryptographic issue may occur while encrypting license data. High Unreviewed
CVE-2025-47345 was published Jan 7, 2026
Due to Nonce reuse, attackers can perform reply attack or decrypt captured packets. High Unreviewed
CVE-2025-61739 was published Dec 22, 2025
@hpke/core reuses AEAD nonces Critical
CVE-2025-64767 was published for @hpke/core (npm) Nov 20, 2025
panva Credited to panva
In hostapd 2.10 and earlier, the PKEX code remains active even after a successful PKEX... Moderate Unreviewed
CVE-2022-37660 was published Feb 12, 2025
Duplicate Advisory: cocoon Reuses a Nonce, Key Pair in Encryption Moderate
GHSA-r2jw-c95q-rj29 was published for cocoon (Rust) Oct 2, 2024 withdrawn
PheonixAppAPI has visible Encoding Maps Moderate
CVE-2024-41951 was published for PheonixAppAPI (pip) Jul 31, 2024
AkshuDev Credited to AkshuDev
Withdrawn: SFTPGo's JWT implmentation lacks certain security measures Moderate
CVE-2024-40430 was published for github.com/drakkan/sftpgo/v2 (Go) Jul 22, 2024 withdrawn
drakkan Credited to drakkan
ProTip! Advisories are also available from the GraphQL API