GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
101
GitHub Actions
54
Go
4,295
Maven
5,000+
npm
5,000+
NuGet
1,029
pip
5,000+
Pub
13
RubyGems
1,107
Rust
1,492
Swift
61
Unreviewed advisories
All unreviewed
5,000+
675 advisories
Filter by severity
YesWiki Vulnerable to Unauthenticated ActivityPub Signature-Verification Bypass via `!openssl_verify(...)` accepting `int(-1)`
High
CVE-2026-52767
was published
for
yeswiki/yeswiki
(Composer)
Jul 9, 2026
The CorvusPay WooCommerce Payment Gateway plugin for WordPress is vulnerable to Payment Bypass...
Moderate
Unreviewed
CVE-2026-9027
was published
Jul 9, 2026
Improper verification of cryptographic signature vulnerability in HAVELSAN Inc. Liman MYS allows...
High
Unreviewed
CVE-2026-11348
was published
Jul 7, 2026
WatchGuard Fireware OS contains a firmware validation bypass when processing a backup image via...
High
Unreviewed
CVE-2026-13722
was published
Jul 3, 2026
Libreswan, via the function RSA_authenticate_hash_signature_pkcs1_1_5_rsa(), did not correctly...
High
Unreviewed
CVE-2026-50722
was published
Jul 3, 2026
Libreswan, via the function RSA_authenticate_hash_signature_raw_rsa(), did not correctly verify...
High
Unreviewed
CVE-2026-50721
was published
Jul 3, 2026
CubeSpace CW0057 Reaction Wheel firmware versions prior to 5.0.20 are vulnerable to an Improper...
Low
Unreviewed
CVE-2026-13743
was published
Jul 2, 2026
Centrifugo's dynamic JWKS key cache keyed only by `kid` allows cross-issuer JWT authentication bypass
High
CVE-2026-49998
was published
for
github.com/centrifugal/centrifugo
(Go)
Jul 1, 2026
sigstore's `certificateOIDs` verification constraints are silently dropped and never enforced
High
CVE-2026-48815
was published
for
sigstore
(npm)
Jul 1, 2026
Sigstore Java has a vulnerability with bundle verification of integratedTime
Low
CVE-2026-48791
was published
for
dev.sigstore:sigstore-java
(Maven)
Jun 30, 2026
Lack of validation for firmware update in Hitachi Hitachi Virtual Storage Platform One Block 23,...
Low
Unreviewed
CVE-2025-0824
was published
Jun 29, 2026
The HCL Traveler for Microsoft Outlook libraries are being flagged as potentially malicious...
Moderate
Unreviewed
CVE-2024-23581
was published
Jun 26, 2026
Relyra SAML SignatureValue not cryptographically verified -> authentication bypass
Critical
CVE-2026-49454
was published
for
relyra
(Erlang)
Jun 26, 2026
@sigstore/core has DSSE payloadType type-binding failure
Moderate
CVE-2026-48758
was published
for
@sigstore/core
(npm)
Jun 26, 2026
PKCS#12 MAC verification uses an attacker-controlled comparison length, weakening the integrity...
Moderate
Unreviewed
CVE-2026-6329
was published
Jun 26, 2026
HMAC zero-length tag forgery in EVP_DigestVerifyFinal, where a zero-length tag could be accepted...
Low
Unreviewed
CVE-2026-6331
was published
Jun 26, 2026
PKCS7_verify signer confusion allows forged signatures, where the signer associated with a...
Moderate
Unreviewed
CVE-2026-7511
was published
Jun 26, 2026
A flaw was found in Keycloak. This JWT algorithm confusion vulnerability in the JWT Authorization...
High
Unreviewed
CVE-2026-11800
was published
Jun 26, 2026
golang.org/x/crypto: Invoking pathological RSA/DSA parameters may cause DoS
High
CVE-2026-39829
was published
for
golang.org/x/crypto
(Go)
Jun 25, 2026
Lemur: JWT verifier honors attacker-supplied alg, enabling ATO
Moderate
CVE-2026-55165
was published
for
lemur
(pip)
Jun 25, 2026
wolfSSL_PKCS7_verify() returning success for a degenerate (certs-only) PKCS#7 object that...
High
Unreviewed
CVE-2026-55961
was published
Jun 25, 2026
OpenAM: Unauthenticated Authentication Bypass via RADIUS Spoofing
High
CVE-2026-46560
was published
for
org.openidentityplatform.openam:openam-radius
(Maven)
Jun 25, 2026
ATEN Unizon doCryptoHugeFileToFile Improper Verification of Cryptographic Signature Remote Code...
High
Unreviewed
CVE-2026-9779
was published
Jun 25, 2026
motionEye: LFI → pass‑the‑hash admin → unsafe restore → unauth action exec (RCE)
Critical
GHSA-qxvg-h7q2-hcxh
was published
for
motioneye
(pip)
Jun 23, 2026
@jhb.software/payload-cloudinary-plugin: Arbitrary Cloudinary API Parameter Signing
High
GHSA-h5x8-xp6m-x6q4
was published
for
@jhb.software/payload-cloudinary-plugin
(npm)
Jun 19, 2026
ProTip!
Advisories are also available from the
GraphQL API