GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
101
GitHub Actions
54
Go
4,295
Maven
5,000+
npm
5,000+
NuGet
1,029
pip
5,000+
Pub
13
RubyGems
1,107
Rust
1,492
Swift
61
Unreviewed advisories
All unreviewed
5,000+
101 advisories
Filter by severity
Crypt::DSA versions before 1.22 for Perl draw the DSA signing nonce and private key from a biased...
High
Unreviewed
CVE-2026-14570
was published
Jul 5, 2026
An issue in Eufy Homebase 2 version 3.3.4.1h allows a local attacker to obtain sensitive...
High
Unreviewed
CVE-2024-51346
was published
Mar 25, 2026
XikeStor SKS8310-8X Network Switch firmware versions 1.04.B07 and prior contain a predictable...
High
Unreviewed
CVE-2026-25072
was published
Mar 7, 2026
A vulnerability in the SAML 2.0 single sign-on (SSO) feature of Cisco Secure Firewall ASA...
High
Unreviewed
CVE-2026-20101
was published
Mar 4, 2026
OpenClaw Hook Session Key Override Enables Targeted Cross-Session Routing
High
GHSA-hv93-r4j3-q65f
was published
for
openclaw
(npm)
Feb 17, 2026
Jervis Has Weak Random for Timing Attack Mitigation
High
CVE-2025-68704
was published
for
net.gleske:jervis
(Maven)
Jan 13, 2026
gokey allows secret recovery from a seed file without the master password
High
CVE-2025-13353
was published
for
github.com/cloudflare/gokey
(Go)
Dec 2, 2025
An issue in Technitium through v13.2.2 enables attackers to conduct a DNS cache poisoning attack...
High
Unreviewed
CVE-2024-56089
was published
Dec 1, 2025
An authentication bypass vulnerability has been identified in the IFTTT integration feature. A...
High
Unreviewed
CVE-2025-59371
was published
Nov 25, 2025
In RNP version 0.18.0 a refactoring regression causes the symmetric
session key used for Public...
High
Unreviewed
CVE-2025-13470
was published
Nov 21, 2025
The WPC Shop as a Customer for WooCommerce plugin for WordPress is vulnerable to account takeover...
High
Unreviewed
CVE-2024-12432
was published
Dec 18, 2024
Duplicate Advisory: Juju makes Use of Weak Credentials
High
GHSA-phh4-3hmm-24rx
was published
for
github.com/juju/juju
(Go)
Oct 2, 2024
•
withdrawn
An issue was discovered in AdaCore ada_web_services 20.0 allows an attacker to escalate...
High
Unreviewed
CVE-2024-41708
was published
Sep 25, 2024
Information disclosure when ASLR relocates the IMEM and Secure DDR portions as one chunk in...
High
Unreviewed
CVE-2024-21460
was published
Jul 1, 2024
iDRAC9, versions prior to 7.00.00.172 for 14th Generation and 7.10.50.00 for 15th and 16th...
High
Unreviewed
CVE-2024-25943
was published
Jun 29, 2024
A vulnerability has been identified in SIMATIC S7-200 SMART CPU CR40 (6ES7288-1CR40-0AA0) (All...
High
Unreviewed
CVE-2024-35292
was published
Jun 11, 2024
ZendFramework Potential Information Disclosure and Insufficient Entropy vulnerabilities
High
GHSA-xg9w-r469-m455
was published
for
zendframework/zendframework
(Composer)
Jun 7, 2024
The Customer Email Verification for WooCommerce plugin for WordPress is vulnerable to Email...
High
Unreviewed
CVE-2024-4185
was published
Apr 30, 2024
The File Manager plugin for WordPress is vulnerable to Sensitive Information Exposure in all...
High
Unreviewed
CVE-2024-0761
was published
Feb 6, 2024
Insecure random string generator used for sensitive data
High
CVE-2023-46740
was published
for
github.com/cubefs/cubefs
(Go)
Jan 3, 2024
PyPinkSign uses a non-random or static IV for Cipher Block Chaining (CBC) mode in AES encryption
High
CVE-2023-48056
was published
for
pypinksign
(pip)
Nov 16, 2023
An issue was discovered in Ethernut Nut/OS 5.1. The code that generates Initial Sequence Numbers ...
High
Unreviewed
CVE-2020-27213
was published
Oct 10, 2023
Magento LTS's guest order "protect code" can be brute-forced too easily
High
CVE-2023-41879
was published
for
openmage/magento-lts
(Composer)
Sep 11, 2023
An authentication bypass vulnerability exists in the OAS Engine authentication functionality of...
High
Unreviewed
CVE-2023-34353
was published
Sep 5, 2023
Functions with insufficient randomness were used to generate authorization tokens of the...
High
Unreviewed
CVE-2023-26451
was published
Aug 2, 2023
ProTip!
Advisories are also available from the
GraphQL API