GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
457 advisories
xml-crypto Vulnerable to XML Signature Verification Bypass via DigestValue Comment
Critical | CVE-2025-29775 was published for xml-crypto (npm) | Mar 14, 2025

xml-crypto Vulnerable to XML Signature Verification Bypass via Multiple SignedInfo References
Critical | CVE-2025-29774 was published for xml-crypto (npm) | Mar 14, 2025

Ed25519 Signature Malleability in ed25519-java Due to Missing Scalar Range Check
Moderate | CVE-2020-36843 was published for net.i2p.crypto:eddsa (Maven) | Mar 13, 2025

Ruby SAML allows a SAML authentication bypass due to namespace handling (parser differential)
High | CVE-2025-25292 was published for ruby-saml (RubyGems) | Mar 12, 2025

Ruby SAML allows a SAML authentication bypass due to DOCTYPE handling (parser differential)
High | CVE-2025-25291 was published for ruby-saml (RubyGems) | Mar 12, 2025

omniauth-saml has dependency on ruby-saml version with Signature Wrapping Attack issue
Critical | GHSA-hw46-3hmr-x9xv was published for omniauth-saml (RubyGems) | Mar 12, 2025

A vulnerability in the boot process of Cisco IOS XR Software could allow an authenticated, local...
Moderate | Unreviewed | CVE-2025-20143 was published | Mar 12, 2025

Samsung SmartThings Improper Verification of Cryptographic Signature Authentication Bypass...
High | Unreviewed | CVE-2025-2233 was published | Mar 12, 2025

The SimpleSAMLphp SAML2 library incorrectly verifies signatures for HTTP-Redirect binding
High | CVE-2025-27773 was published for simplesamlphp/saml2 (Composer) | Mar 11, 2025

Microsoft Security Advisory CVE-2025-24043 | WinDbg Remote Code Execution Vulnerability
High | CVE-2025-24043 was published for dotnet-debugger-extensions (NuGet) | Mar 7, 2025

A vulnerability in the interprocess communication (IPC) channel of Cisco Secure Client for...
High | Unreviewed | CVE-2025-20206 was published | Mar 5, 2025

Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923...
Critical | Unreviewed | CVE-2025-27670 was published | Mar 5, 2025

Improper verification of the digital signature in ksojscore.dll in Kingsoft WPS Office in...
Critical | Unreviewed | CVE-2024-11957 was published | Mar 4, 2025

AEADs/ascon-aead: Plaintext exposed in decrypt_in_place_detached even on tag verification failure
Moderate | CVE-2025-27498 was published for ascon_aead (Rust) | Mar 3, 2025

LTI JupyterHub Authenticator does not properly validate JWT Signature
Critical | CVE-2023-25574 was published for jupyterhub-ltiauthenticator (pip) | Feb 25, 2025

Home Assistant does not correctly validate SSL for outgoing requests in core and used libs
High | CVE-2025-25305 was published for homeassistant (pip) | Feb 18, 2025

ismp-grandpa crate accepted incorrect signatures
Critical | CVE-2025-24800 was published for grandpa-verifier (Rust) | Jan 28, 2025

An improper verification of cryptographic signature vulnerability was identified in GitHub...
Moderate | Unreviewed | CVE-2025-23369 was published | Jan 21, 2025

AWS Cloud Development Kit (AWS CDK) IAM OIDC custom resource allows connection to unauthorized OIDC provider
Low | CVE-2025-23206 was published for aws-cdk-lib (npm) | Jan 17, 2025

Improper signature verification in Ivanti EPM before the 2024 January-2025 Security Update and...
High | Unreviewed | CVE-2024-13172 was published | Jan 14, 2025

Howyar UEFI Application "Reloader" (32-bit and 64-bit) is vulnerable to execution of unsigned...
Moderate | Unreviewed | CVE-2024-7344 was published | Jan 14, 2025

matrix-sdk-crypto missing facility to signal rotation of a verified cryptographic identity
Moderate | CVE-2024-52813 was published for matrix-sdk-crypto (Rust) | Jan 7, 2025

A library injection vulnerability exists in Microsoft PowerPoint 16.83 for macOS. A specially...
High | Unreviewed | CVE-2024-39804 was published | Dec 19, 2024

A library injection vulnerability exists in Microsoft OneNote 16.83 for macOS. A specially...
High | Unreviewed | CVE-2024-41159 was published | Dec 19, 2024

A library injection vulnerability exists in Microsoft Teams (work or school) 24046.2813.2770.1094...
High | Unreviewed | CVE-2024-42004 was published | Dec 19, 2024
ProTip! Advisories are also available from the GraphQL API