Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,963
Erlang
39
GitHub Actions
38
Go
2,615
Maven
5,000+
npm
4,255
NuGet
760
pip
4,036
Pub
12
RubyGems
953
Rust
1,049
Swift
45
Unreviewed advisories
All unreviewed
5,000+

507 advisories

Loading
An insufficiently secured internal function allows session generation for arbitrary users. The... High Unreviewed
CVE-2025-30064 was published Aug 27, 2025
Improper verification of cryptographic signature in Windows Certificates allows an unauthorized... Moderate Unreviewed
CVE-2025-55229 was published Aug 21, 2025
A potential vulnerability was reported in the Lenovo 510 FHD and Performance FHD web cameras that... High Unreviewed
CVE-2025-4371 was published Aug 18, 2025
A vulnerability has been identified in Mendix SAML (Mendix 10.12 compatible) (All versions < V4.0... High Unreviewed
CVE-2025-40758 was published Aug 14, 2025
Node-SAML SAML Signature Verification Vulnerability Critical
CVE-2025-54419 was published for @node-saml/node-saml (npm) Jul 28, 2025
ahacker1-securesaml cjbarth
Credited to ahacker1-securesaml and cjbarth
Duplicate Advisory: CIRCL-Fourq: Missing and wrong validation can lead to incorrect results Low
GHSA-522r-9946-fw43 was published for github.com/cloudflare/circl (Go) Aug 6, 2025 withdrawn
An improper verification of cryptographic signature in Zscaler's SAML authentication mechanism on... Critical Unreviewed
CVE-2025-54982 was published Aug 5, 2025
It was discovered that uscan, a tool to scan/watch upstream sources for new releases of software,... Critical Unreviewed
CVE-2025-8454 was published Aug 1, 2025
A downgrade issue was addressed with additional code-signing restrictions. This issue is fixed in... Moderate Unreviewed
CVE-2025-43185 was published Jul 30, 2025
A potential security vulnerability has been identified in the HP Linux Imaging and Printing... Moderate Unreviewed
CVE-2025-43023 was published Jul 28, 2025
Node-SAML SAML Authentication Bypass Critical
CVE-2025-54369 was published for @node-saml/node-saml (npm) Jul 25, 2025
ahacker1-securesaml cjbarth
Credited to ahacker1-securesaml and cjbarth
A vulnerability has been identified in TIA Administrator (All versions < V3.0.6). The affected... Moderate Unreviewed
CVE-2025-23364 was published Jul 8, 2025
tiny-secp256k1 allows for verify() bypass when running in bundled environment High
CVE-2024-49365 was published for tiny-secp256k1 (npm) Jun 30, 2025
ChALkeR jprichardson
Credited to ChALkeR and jprichardson
Improper signature verification in AMD CPU ROM microcode patch loader may allow an attacker with... Moderate Unreviewed
CVE-2024-36347 was published Jun 28, 2025
Valid ECDSA signatures erroneously rejected in Elliptic Low
CVE-2024-48948 was published for elliptic (npm) Oct 15, 2024
martincostello IchordeDionysos
tal-sealsecurity
Credited to martincostello, IchordeDionysos, and tal-sealsecurity
rfc3161-client has insufficient verification for timestamp response signatures Critical
CVE-2025-52556 was published for rfc3161-client (pip) Jun 20, 2025
jku woodruffw
Credited to jku and woodruffw
Quest KACE Systems Management Appliance (SMA) 13.0.x before 13.0.385, 13.1.x before 13.1.81, 13.2... Critical Unreviewed
CVE-2025-32977 was published Jun 26, 2025
The cryptographic code signing process and controls on ConnectWise Control through 22.9.10032 ... Critical Unreviewed
CVE-2023-25718 was published Feb 13, 2023
Improper verification of cryptographic signature in App Control for Business (WDAC) allows an... Moderate Unreviewed
CVE-2025-33069 was published Jun 10, 2025
An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x... Moderate Unreviewed
CVE-2022-42010 was published Oct 10, 2022
Deno's AES GCM authentication tags are not verified High
CVE-2025-24015 was published for deno (Rust) Jun 4, 2025
canislupaster
Credited to canislupaster
By spoofing the target resolver with responses that have a malformed ECDSA signature, an attacker... High Unreviewed
CVE-2022-38177 was published Sep 22, 2022
By spoofing the target resolver with responses that have a malformed EdDSA signature, an attacker... High Unreviewed
CVE-2022-38178 was published Sep 22, 2022
A vulnerability has been identified in SiPass integrated AC5102 (ACC-G2) (All versions), SiPass... High Unreviewed
CVE-2022-31807 was published May 23, 2025
omniauth-saml has dependency on ruby-saml version with Signature Wrapping Attack issue Critical
GHSA-hw46-3hmr-x9xv was published for omniauth-saml (RubyGems) Mar 12, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database