GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
519 advisories
auth0/node-jws Improperly Verifies HMAC Signature
High | CVE-2025-65945 was published for jws (npm) | Dec 4, 2025
In verify_emsa_pkcs1_signature() in gmp_rsa_public_key.c in the gmp plugin in strongSwan 4.x and...
High | Unreviewed | CVE-2018-16152 was published | May 13, 2022
In verify_emsa_pkcs1_signature() in gmp_rsa_public_key.c in the gmp plugin in strongSwan 4.x and...
High | Unreviewed | CVE-2018-16151 was published | May 13, 2022
Constellation has insecure LUKS2 persistent storage partitions which may be opened and used
High | CVE-2025-58356 was published for github.com/edgelesssys/constellation/v2 (Go) | Oct 27, 2025
XML-Sig versions 0.27 through 0.67 for Perl incorrectly validates XML files if signatures are...
Critical | Unreviewed | CVE-2025-40934 was published | Nov 27, 2025
cggmp21 has a missing check in the ZK proof used in CGGMP21
Critical | CVE-2025-66016 was published for cggmp21 (Rust) | Nov 25, 2025
Valid ECDSA signatures erroneously rejected in Elliptic
Low | CVE-2024-48948 was published for elliptic (npm) | Oct 15, 2024
Elliptic's verify function omits uniqueness validation
Low | CVE-2024-48949 was published for elliptic (npm) | Oct 10, 2024
Babylon's BIP322 signature implementation is not fully compliant to the spec
Moderate | GHSA-xq4h-wqm2-668w was published for github.com/babylonlabs-io/babylon/v4 (Go) | Nov 24, 2025
GoSign Desktop versions 2.4.0 and earlier use an unsigned update manifest for distributing...
High | Unreviewed | CVE-2025-34324 was published | Nov 18, 2025
Evervault Go SDK: Incomplete PCR Validation in Enclave Attestation for non-Evervault hosted Enclaves
High | CVE-2025-64186 was published for github.com/evervault/evervault-go (Go) | Nov 12, 2025
Improper verification of cryptographic signature in the installer for Zoom Workplace VDI Client...
High | Unreviewed | CVE-2025-64740 was published | Nov 13, 2025
In JetBrains ReSharper before 2025.2.4 missing signature verification in DPA Collector allows...
High | Unreviewed | CVE-2025-64456 was published | Nov 10, 2025
Improper authentication in the API authentication middleware of HCL DevOps Loop allows...
High | Unreviewed | CVE-2025-55278 was published | Nov 6, 2025
Contrast has insecure LUKS2 persistent storage partitions may be opened and used
Moderate | GHSA-f5p4-p5q5-jv3h was published for github.com/edgelesssys/contrast (Go) | Oct 28, 2025
A downgrade issue affecting Intel-based Mac computers was addressed with additional code-signing...
High | Unreviewed | CVE-2025-43468 was published | Nov 4, 2025
A potential security vulnerability has been identified in the HP Linux Imaging and Printing...
Moderate | Unreviewed | CVE-2025-43023 was published | Jul 28, 2025
NCR SelfServ ATMs running APTRA XFS 05.01.00 do not properly validate software updates for the...
High | Unreviewed | CVE-2020-10126 was published | May 24, 2022
A firmware update vulnerability exists in the boa formUpload functionality of Realtek rtl819x...
High | Unreviewed | CVE-2023-34435 was published | Jul 8, 2024
Elliptic allows BER-encoded signatures
Low | CVE-2024-42461 was published for elliptic (npm) | Aug 2, 2024
Elliptic's EDDSA missing signature length check
Low | CVE-2024-42459 was published for elliptic (npm) | Aug 2, 2024
A downgrade issue affecting Intel-based Mac computers was addressed with additional code-signing...
Moderate | Unreviewed | CVE-2025-43390 was published | Nov 4, 2025
The application failed to account for exceptions thrown by the `loadManifestFromFile` method...
Moderate | Unreviewed | CVE-2024-11696 was published | Nov 26, 2024
The firmware upgrade function in the admin web interface of the Rittal IoT Interface & CMC III...
Critical | Unreviewed | CVE-2024-47943 was published | Oct 15, 2024
CPAN 2.28 allows Signature Verification Bypass.
High | Unreviewed | CVE-2020-16156 was published | Dec 14, 2021