Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,737
Maven
5,000+
npm
4,337
NuGet
764
pip
4,112
Pub
12
RubyGems
960
Rust
1,068
Swift
45
Unreviewed advisories
All unreviewed
5,000+

526 advisories

Loading
Acrobat Reader versions 24.001.30264, 20.005.30793, 25.001.20982, 24.001.30273, 20.005.30803 and... Low Unreviewed
CVE-2025-64787 was published Dec 9, 2025
Acrobat Reader versions 24.001.30264, 20.005.30793, 25.001.20982, 24.001.30273, 20.005.30803 and... Low Unreviewed
CVE-2025-64786 was published Dec 9, 2025
A improper verification of cryptographic signature vulnerability in Fortinet FortiOS 7.6.0... Critical Unreviewed
CVE-2025-59718 was published Dec 9, 2025
An improper verification of cryptographic signature vulnerability in Fortinet FortiWeb 8.0.0,... Critical Unreviewed
CVE-2025-59719 was published Dec 9, 2025
Improper verification of cryptographic signatures in the patch management component of Ivanti... High Unreviewed
CVE-2025-13662 was published Dec 9, 2025
Ruby-saml allows a Libxml2 Canonicalization error to bypass Digest/Signature validation Critical
CVE-2025-66568 was published for ruby-saml (RubyGems) Dec 8, 2025
d0ge
Credited to d0ge
Ruby-saml has a SAML authentication bypass due to namespace handling (parser differential) Critical
CVE-2025-66567 was published for ruby-saml (RubyGems) Dec 8, 2025
d0ge
Credited to d0ge
auth0/node-jws Improperly Verifies HMAC Signature High
CVE-2025-65945 was published for jws (npm) Dec 4, 2025
XML-Sig versions 0.27 through 0.67 for Perl incorrectly validates XML files if signatures are... Critical Unreviewed
CVE-2025-40934 was published Nov 27, 2025
cggmp21 has a missing check in the ZK proof used in CGGMP21 Critical
CVE-2025-66016 was published for cggmp21 (Rust) Nov 25, 2025
Babylon's BIP322 signature implementation is not fully compliant to the spec Moderate
GHSA-xq4h-wqm2-668w was published for github.com/babylonlabs-io/babylon/v4 (Go) Nov 24, 2025
GoSign Desktop versions 2.4.0 and earlier use an unsigned update manifest for distributing... High Unreviewed
CVE-2025-34324 was published Nov 18, 2025
Improper verification of cryptographic signature in the installer for Zoom Workplace VDI Client... High Unreviewed
CVE-2025-64740 was published Nov 13, 2025
Evervault Go SDK: Incomplete PCR Validation in Enclave Attestation for non-Evervault hosted Enclaves High
CVE-2025-64186 was published for github.com/evervault/evervault-go (Go) Nov 12, 2025
JoranHonig
Credited to JoranHonig
In JetBrains ReSharper before 2025.2.4 missing signature verification in DPA Collector allows... High Unreviewed
CVE-2025-64456 was published Nov 10, 2025
Improper authentication in the API authentication middleware of HCL DevOps Loop allows... High Unreviewed
CVE-2025-55278 was published Nov 6, 2025
A downgrade issue affecting Intel-based Mac computers was addressed with additional code-signing... High Unreviewed
CVE-2025-43468 was published Nov 4, 2025
A downgrade issue affecting Intel-based Mac computers was addressed with additional code-signing... Moderate Unreviewed
CVE-2025-43390 was published Nov 4, 2025
Cryptographic validation of upgrade images could be circumventing by dropping a specifically... Moderate Unreviewed
CVE-2025-54549 was published Oct 30, 2025
Contrast has insecure LUKS2 persistent storage partitions may be opened and used Moderate
GHSA-f5p4-p5q5-jv3h was published for github.com/edgelesssys/contrast (Go) Oct 28, 2025
katexochen tjade273
Credited to katexochen and tjade273
A weakness has been identified in D-Link DAP-2695 2.00RC13. The affected element is the function... Moderate Unreviewed
CVE-2025-12295 was published Oct 27, 2025
Constellation has insecure LUKS2 persistent storage partitions which may be opened and used High
CVE-2025-58356 was published for github.com/edgelesssys/constellation/v2 (Go) Oct 27, 2025
tjade273 daniel-weisse
msanft katexochen
Credited to tjade273, daniel-weisse, msanft, and katexochen
Deck Mate 1 executes firmware directly from an external EEPROM without verifying authenticity or... High Unreviewed
CVE-2025-34503 was published Oct 25, 2025
gnark-crypto doesn't range check input values during ECDSA and EdDSA signature deserialization Moderate
GHSA-fr8m-434r-g3xp was published for github.com/consensys/gnark-crypto (Go) Oct 15, 2025
Playwright downloads and installs browsers without verifying the authenticity of the SSL certificate High
CVE-2025-59288 was published for playwright (npm) Oct 14, 2025
JLLeitschuh
Credited to JLLeitschuh
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database