GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
488 advisories
fast-jwt: JWT auth bypass due to empty HMAC secret accepted by async key resolver
Critical • CVE-2026-44351 was published for fast-jwt (npm) • May 6, 2026

ELBA5 5.8.0 contains a remote code execution vulnerability that allows attackers to obtain...
Critical • Unreviewed • CVE-2018-25272 was published • Apr 22, 2026

Encrypted values in Fortra's GoAnywhere MFT prior to version 7.10.0 and GoAnywhere Agents prior...
Moderate • Unreviewed • CVE-2025-1241 was published • Apr 21, 2026

Inadequate Encryption Strength vulnerability in TP-Link Archer C7 v5 and v5.8 (uhttpd modules)...
Moderate • Unreviewed • CVE-2026-5363 was published • Apr 16, 2026

Cryptographic Flaw in PDFium in Google Chrome prior to 147.0.7727.55 allowed an attacker to read...
Moderate • Unreviewed • CVE-2026-5889 was published • Apr 9, 2026

Grafana Tempo has Inadequate Encryption Strength
High • CVE-2026-28377 was published for github.com/grafana/tempo (Go) • Mar 27, 2026

AVideo has an unauthenticated decrypt oracle leaking any ciphertext
High • CVE-2026-33512 was published for wwbn/avideo (Composer) • Mar 20, 2026

AVideo has a PGP 2FA Bypass via Cryptographically Broken 512-bit RSA Key Generation in LoginControl Plugin
High • CVE-2026-33488 was published for wwbn/avideo (Composer) • Mar 20, 2026

IBM Security QRadar EDR 3.12 through 3.12.23 IBM Security ReaQta uses weaker than expected...
Moderate • Unreviewed • CVE-2025-36379 was published • Feb 17, 2026

Jervis's Salt for PBKDF2 derived from password
High • CVE-2025-68703 was published for net.gleske:jervis (Maven) • Jan 13, 2026

The User Management Engine (UME) in NetWeaver Application Server for Java (NW AS Java) utilizes...
Low • Unreviewed • CVE-2026-0510 was published • Jan 13, 2026

Multiple vulnerabilities in Aqara Hub firmware update process in the Camera Hub G3 4.1.9_0027,...
High • Unreviewed • CVE-2025-65295 was published • Dec 11, 2025

Insufficient encryption strength in Sprecher Automation SPRECON-E-C, SPRECON-E-P, and SPRECON-E...
Moderate • Unreviewed • CVE-2025-41743 was published • Dec 2, 2025

With TLS 1.3 pre-shared key (PSK) a malicious or faulty server could ignore the request for PFS ...
Moderate • Unreviewed • CVE-2025-11935 was published • Nov 22, 2025

Inappropriate implementation in App-Bound Encryption in Google Chrome on Windows prior to 142.0...
Moderate • Unreviewed • CVE-2025-12439 was published • Nov 10, 2025

Non-Compliant TLS Configuration. This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19...
Critical • Unreviewed • CVE-2025-12478 was published • Oct 29, 2025

Microsoft Security Advisory CVE-2025-55248: .NET Information Disclosure Vulnerability
Moderate • CVE-2025-55248 was published for Microsoft.NetCore.App.Runtime.linux-arm (NuGet) • Oct 15, 2025

Apache Spark has Inadequate Encryption Strength
Moderate • CVE-2025-55039 was published for org.apache.spark:spark-network-common_2.12 (Maven) • Oct 15, 2025

Duplicate Advisory: Microsoft Security Advisory CVE-2025-55248: .NET Information Disclosure Vulnerability
Moderate • GHSA-987x-96fq-9384 was published for Microsoft.NetCore.App.Runtime.linux-arm (NuGet) • Oct 14, 2025 • withdrawn

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: l2cap: Check...
Moderate • Unreviewed • CVE-2025-39889 was published • Sep 24, 2025

Inadequate encryption strength issue exists in SS1 Ver.16.0.0.10 and earlier (Media version:16.0...
High • Unreviewed • CVE-2025-46409 was published • Aug 28, 2025

ruby-jwt v3.0.0.beta1 was discovered to contain weak encryption. NOTE: the Supplier's perspective...
Critical • Unreviewed • CVE-2025-45765 was published • Aug 7, 2025

jsrsasign v11.1.0 was discovered to contain weak encryption.
High • Unreviewed • CVE-2025-45764 was published • Aug 6, 2025

jwt v5.4.3 was discovered to contain weak encryption.
High • Unreviewed • CVE-2025-45770 was published • Jul 31, 2025

php-jwt contains weak encryption
Low • CVE-2025-45769 was published for firebase/php-jwt (Composer) • Jul 31, 2025