GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
101
GitHub Actions
54
Go
4,316
Maven
5,000+
npm
5,000+
NuGet
1,030
pip
5,000+
Pub
13
RubyGems
1,116
Rust
1,493
Swift
61
Unreviewed advisories
All unreviewed
5,000+
41 advisories
Filter by severity
Cryptographic Issue when using a static initialization vector for AES-GCM key wrapping, which...
High
Unreviewed
CVE-2026-21383
was published
Jul 6, 2026
Apereo CAS 7.3.0 before 8.0.0-RC6 contains a cryptographic vulnerability that allows remote...
Critical
Unreviewed
CVE-2026-59099
was published
Jul 2, 2026
ImageMagick before 7.1.2-22 contains an information disclosure vulnerability in the...
Moderate
Unreviewed
CVE-2026-56369
was published
Jul 1, 2026
AES-GCM encryption/decryption with extremely large cumulative single message sizes (>64 GiB) were...
Low
Unreviewed
CVE-2026-55967
was published
Jun 25, 2026
Crypt::DSA versions before 1.21 for Perl reused the nonce across signatures, leading to private...
Critical
Unreviewed
CVE-2026-12205
was published
Jun 16, 2026
Discuz! X5.0 releases 20260320 through 20260501 contains an authentication bypass vulnerability...
Critical
Unreviewed
CVE-2026-49952
was published
Jun 15, 2026
ImageMagick: Information Disclosure in PasskeyEncipherImage via AES-CTR nonce reuse
Low
GHSA-qv2q-c278-pch5
was published
for
Magick.NET-Q16-AnyCPU
(NuGet)
May 21, 2026
Astro: Server island encrypted parameters vulnerable to cross-component replay
Low
CVE-2026-45028
was published
for
astro
(npm)
May 13, 2026
Bouncy Castle for Java GOST 28147 CTR mode reuses keystream after 255 blocks
Critical
CVE-2025-14813
was published
for
org.bouncycastle:bcprov-debug-jdk14
(Maven)
Apr 17, 2026
In wolfSSL, ARIA-GCM cipher suites used in TLS 1.2 and DTLS 1.2 reuse an identical 12-byte GCM...
Moderate
Unreviewed
CVE-2026-5446
was published
Apr 9, 2026
Philips Hue Bridge HomeKit Accessory Protocol Static Nonce Authentication Bypass Vulnerability....
High
Unreviewed
CVE-2026-3559
was published
Mar 16, 2026
A flaw was found in Libsoup. The server-side digest authentication implementation in the...
Moderate
Unreviewed
CVE-2026-3099
was published
Mar 12, 2026
HCL MyXalytics v6.7 is affected by improper management of a static JWT signing secret in the web...
High
Unreviewed
CVE-2025-59870
was published
Jan 16, 2026
Cryptographic issue may occur while encrypting license data.
High
Unreviewed
CVE-2025-47345
was published
Jan 7, 2026
Due to Nonce reuse, attackers can perform reply attack or decrypt captured packets.
High
Unreviewed
CVE-2025-61739
was published
Dec 22, 2025
@hpke/core reuses AEAD nonces
Critical
CVE-2025-64767
was published
for
@hpke/core
(npm)
Nov 20, 2025
Initialization vector (IV) reuse in the web management portal of the Tenda RX2 Pro 16.03.30.14...
Moderate
Unreviewed
CVE-2025-46632
was published
May 2, 2025
In hostapd 2.10 and earlier, the PKEX code remains active even after a successful PKEX...
Moderate
Unreviewed
CVE-2022-37660
was published
Feb 12, 2025
The authentication process to the web server uses a challenge response procedure which
inludes...
Moderate
Unreviewed
CVE-2024-11022
was published
Dec 6, 2024
Duplicate Advisory: cocoon Reuses a Nonce, Key Pair in Encryption
Moderate
GHSA-r2jw-c95q-rj29
was published
for
cocoon
(Rust)
Oct 2, 2024
•
withdrawn
PheonixAppAPI has visible Encoding Maps
Moderate
CVE-2024-41951
was published
for
PheonixAppAPI
(pip)
Jul 31, 2024
Withdrawn: SFTPGo's JWT implmentation lacks certain security measures
Moderate
CVE-2024-40430
was published
for
github.com/drakkan/sftpgo/v2
(Go)
Jul 22, 2024
•
withdrawn
Reusing a nonce, key pair in encryption issue exists in "FreeFrom - the nostr client" App...
Moderate
Unreviewed
CVE-2024-36289
was published
Jun 17, 2024
There is a difficult to exploit improper authentication issue in the Home application for Esri...
High
Unreviewed
CVE-2024-25699
was published
Apr 4, 2024
The AES key utilized in the pairing process between a lock using Sciener firmware and a wireless...
Moderate
Unreviewed
CVE-2023-7003
was published
Mar 15, 2024
ProTip!
Advisories are also available from the
GraphQL API