GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
530 advisories
ALTCHA Proof-of-Work Vulnerable to Challenge Splicing and Replay
Moderate | CVE-2025-68113 was published for altcha (RubyGems) | Dec 16, 2025

A downgrade issue affecting Intel-based Mac computers was addressed with additional code-signing...
Moderate | Unreviewed | CVE-2025-43521 was published | Dec 12, 2025

A downgrade issue affecting Intel-based Mac computers was addressed with additional code-signing...
Low | Unreviewed | CVE-2025-43522 was published | Dec 12, 2025

Foxit PDF Editor and Reader before 2025.2.1 allow signature spoofing via triggers. An attacker...
Moderate | Unreviewed | CVE-2025-59803 was published | Dec 11, 2025

Acrobat Reader versions 24.001.30264, 20.005.30793, 25.001.20982, 24.001.30273, 20.005.30803 and...
Low | Unreviewed | CVE-2025-64786 was published | Dec 9, 2025

Acrobat Reader versions 24.001.30264, 20.005.30793, 25.001.20982, 24.001.30273, 20.005.30803 and...
Low | Unreviewed | CVE-2025-64787 was published | Dec 9, 2025

An improper verification of cryptographic signature vulnerability in Fortinet FortiOS 7.6.0...
Critical | Unreviewed | CVE-2025-59718 was published | Dec 9, 2025

An improper verification of cryptographic signature vulnerability in Fortinet FortiWeb 8.0.0,...
Critical | Unreviewed | CVE-2025-59719 was published | Dec 9, 2025

Improper verification of cryptographic signatures in the patch management component of Ivanti...
High | Unreviewed | CVE-2025-13662 was published | Dec 9, 2025

Ruby-saml allows a Libxml2 Canonicalization error to bypass Digest/Signature validation
Critical | CVE-2025-66568 was published for ruby-saml (RubyGems) | Dec 8, 2025

Ruby-saml has a SAML authentication bypass due to namespace handling (parser differential)
Critical | CVE-2025-66567 was published for ruby-saml (RubyGems) | Dec 8, 2025

auth0/node-jws Improperly Verifies HMAC Signature
High | CVE-2025-65945 was published for jws (npm) | Dec 4, 2025

XML-Sig versions 0.27 through 0.67 for Perl incorrectly validates XML files if signatures are...
Critical | Unreviewed | CVE-2025-40934 was published | Nov 27, 2025

cggmp21 has a missing check in the ZK proof used in CGGMP21
Critical | CVE-2025-66016 was published for cggmp21 (Rust) | Nov 25, 2025

Babylon's BIP322 signature implementation is not fully compliant to the spec
Moderate | GHSA-xq4h-wqm2-668w was published for github.com/babylonlabs-io/babylon/v4 (Go) | Nov 24, 2025

GoSign Desktop versions 2.4.0 and earlier use an unsigned update manifest for distributing...
High | Unreviewed | CVE-2025-34324 was published | Nov 18, 2025

Improper verification of cryptographic signature in the installer for Zoom Workplace VDI Client...
High | Unreviewed | CVE-2025-64740 was published | Nov 13, 2025

Evervault Go SDK: Incomplete PCR Validation in Enclave Attestation for non-Evervault hosted Enclaves
High | CVE-2025-64186 was published for github.com/evervault/evervault-go (Go) | Nov 12, 2025

In JetBrains ReSharper before 2025.2.4 missing signature verification in DPA Collector allows...
High | Unreviewed | CVE-2025-64456 was published | Nov 10, 2025

Improper authentication in the API authentication middleware of HCL DevOps Loop allows...
High | Unreviewed | CVE-2025-55278 was published | Nov 6, 2025

A downgrade issue affecting Intel-based Mac computers was addressed with additional code-signing...
High | Unreviewed | CVE-2025-43468 was published | Nov 4, 2025

A downgrade issue affecting Intel-based Mac computers was addressed with additional code-signing...
Moderate | Unreviewed | CVE-2025-43390 was published | Nov 4, 2025

Cryptographic validation of upgrade images could be circumvented by dropping a specifically...
Moderate | Unreviewed | CVE-2025-54549 was published | Oct 30, 2025

Contrast has insecure LUKS2 persistent storage partitions may be opened and used
Moderate | GHSA-f5p4-p5q5-jv3h was published for github.com/edgelesssys/contrast (Go) | Oct 28, 2025

A weakness has been identified in D-Link DAP-2695 2.00RC13. The affected element is the function...
Moderate | Unreviewed | CVE-2025-12295 was published | Oct 27, 2025

ProTip! Advisories are also available from the GraphQL API