GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
101
GitHub Actions
54
Go
4,316
Maven
5,000+
npm
5,000+
NuGet
1,030
pip
5,000+
Pub
13
RubyGems
1,116
Rust
1,493
Swift
61
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
30 advisories
Filter by severity
Cryptographic Issue when using a static initialization vector for AES-GCM key wrapping, which...
High
Unreviewed
CVE-2026-21383
was published
Jul 6, 2026
Apereo CAS 7.3.0 before 8.0.0-RC6 contains a cryptographic vulnerability that allows remote...
Critical
Unreviewed
CVE-2026-59099
was published
Jul 2, 2026
ImageMagick before 7.1.2-22 contains an information disclosure vulnerability in the...
Moderate
Unreviewed
CVE-2026-56369
was published
Jul 1, 2026
AES-GCM encryption/decryption with extremely large cumulative single message sizes (>64 GiB) were...
Low
Unreviewed
CVE-2026-55967
was published
Jun 25, 2026
Crypt::DSA versions before 1.21 for Perl reused the nonce across signatures, leading to private...
Critical
Unreviewed
CVE-2026-12205
was published
Jun 16, 2026
Discuz! X5.0 releases 20260320 through 20260501 contains an authentication bypass vulnerability...
Critical
Unreviewed
CVE-2026-49952
was published
Jun 15, 2026
In wolfSSL, ARIA-GCM cipher suites used in TLS 1.2 and DTLS 1.2 reuse an identical 12-byte GCM...
Moderate
Unreviewed
CVE-2026-5446
was published
Apr 9, 2026
Philips Hue Bridge HomeKit Accessory Protocol Static Nonce Authentication Bypass Vulnerability....
High
Unreviewed
CVE-2026-3559
was published
Mar 16, 2026
A flaw was found in Libsoup. The server-side digest authentication implementation in the...
Moderate
Unreviewed
CVE-2026-3099
was published
Mar 12, 2026
HCL MyXalytics v6.7 is affected by improper management of a static JWT signing secret in the web...
High
Unreviewed
CVE-2025-59870
was published
Jan 16, 2026
Cryptographic issue may occur while encrypting license data.
High
Unreviewed
CVE-2025-47345
was published
Jan 7, 2026
Due to Nonce reuse, attackers can perform reply attack or decrypt captured packets.
High
Unreviewed
CVE-2025-61739
was published
Dec 22, 2025
Initialization vector (IV) reuse in the web management portal of the Tenda RX2 Pro 16.03.30.14...
Moderate
Unreviewed
CVE-2025-46632
was published
May 2, 2025
In hostapd 2.10 and earlier, the PKEX code remains active even after a successful PKEX...
Moderate
Unreviewed
CVE-2022-37660
was published
Feb 12, 2025
The authentication process to the web server uses a challenge response procedure which
inludes...
Moderate
Unreviewed
CVE-2024-11022
was published
Dec 6, 2024
Reusing a nonce, key pair in encryption issue exists in "FreeFrom - the nostr client" App...
Moderate
Unreviewed
CVE-2024-36289
was published
Jun 17, 2024
There is a difficult to exploit improper authentication issue in the Home application for Esri...
High
Unreviewed
CVE-2024-25699
was published
Apr 4, 2024
The AES key utilized in the pairing process between a lock using Sciener firmware and a wireless...
Moderate
Unreviewed
CVE-2023-7003
was published
Mar 15, 2024
Adversary-induced keystream re-use on TETRA air-interface encrypted traffic using any TEA...
High
Unreviewed
CVE-2022-24401
was published
Oct 19, 2023
A vulnerability was found in Red Hat Ceph Storage 4 and Red Hat Openshift Container Storage 4.2...
Moderate
Unreviewed
CVE-2020-1759
was published
May 24, 2022
Metasys? ADS/ADX servers and NAE/NIE/NCE engines prior to 9.0 make use of a shared RSA key pair...
Critical
Unreviewed
CVE-2019-7593
was published
May 24, 2022
Wi-Fi Protected Access (WPA and WPA2) that support 802.11v allows reinstallation of the Integrity...
Moderate
Unreviewed
CVE-2017-13088
was published
May 13, 2022
Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Station-To-Station-Link (STSL)...
Moderate
Unreviewed
CVE-2017-13084
was published
May 13, 2022
Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11w allows reinstallation of the...
Moderate
Unreviewed
CVE-2017-13081
was published
May 13, 2022
Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Tunneled Direct-Link Setup ...
Moderate
Unreviewed
CVE-2017-13086
was published
May 13, 2022
ProTip!
Advisories are also available from the
GraphQL API