Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,883
Erlang
37
GitHub Actions
38
Go
2,546
Maven
5,000+
npm
4,200
NuGet
743
pip
3,977
Pub
12
RubyGems
947
Rust
1,032
Swift
39
Unreviewed advisories
All unreviewed
5,000+

499 advisories

Loading
E3 Site Supervisor Control (firmware version < 2.31F01) firmware upgrade packages are unsigned.... High Unreviewed
CVE-2025-52550 was published Oct 1, 2025
There is a vulnerability in the Supermicro BMC firmware validation logic at Supermicro MBD-X13SEM... Moderate Unreviewed
CVE-2025-6198 was published Sep 19, 2025
There is a vulnerability in the Supermicro BMC firmware validation logic at Supermicro MBD-X12STW... Moderate Unreviewed
CVE-2025-7937 was published Sep 19, 2025
A vulnerability in the installation process of Cisco IOS XR Software could allow an authenticated... Moderate Unreviewed
CVE-2025-20248 was published Sep 10, 2025
An insufficiently secured internal function allows session generation for arbitrary users. The... High Unreviewed
CVE-2025-30064 was published Aug 27, 2025
gnark is vulnerable to signature malleability in EdDSA and ECDSA due to missing scalar checks High
CVE-2025-57801 was published for github.com/consensys/gnark (Go) Aug 22, 2025
sunyxedu A7um
XlabAITeam zL1nX
Improper verification of cryptographic signature in Windows Certificates allows an unauthorized... Moderate Unreviewed
CVE-2025-55229 was published Aug 21, 2025
A potential vulnerability was reported in the Lenovo 510 FHD and Performance FHD web cameras that... High Unreviewed
CVE-2025-4371 was published Aug 18, 2025
A vulnerability has been identified in Mendix SAML (Mendix 10.12 compatible) (All versions < V4.0... High Unreviewed
CVE-2025-40758 was published Aug 14, 2025
Duplicate Advisory: CIRCL-Fourq: Missing and wrong validation can lead to incorrect results Low
GHSA-522r-9946-fw43 was published for github.com/cloudflare/circl (Go) Aug 6, 2025 withdrawn
An improper verification of cryptographic signature in Zscaler's SAML authentication mechanism on... Critical Unreviewed
CVE-2025-54982 was published Aug 5, 2025
It was discovered that uscan, a tool to scan/watch upstream sources for new releases of software,... Critical Unreviewed
CVE-2025-8454 was published Aug 1, 2025
A downgrade issue was addressed with additional code-signing restrictions. This issue is fixed in... Moderate Unreviewed
CVE-2025-43185 was published Jul 30, 2025
Node-SAML SAML Signature Verification Vulnerability Critical
CVE-2025-54419 was published for @node-saml/node-saml (npm) Jul 28, 2025
ahacker1-securesaml cjbarth
A potential security vulnerability has been identified in the HP Linux Imaging and Printing... Moderate Unreviewed
CVE-2025-43023 was published Jul 28, 2025
Node-SAML SAML Authentication Bypass Critical
CVE-2025-54369 was published for @node-saml/node-saml (npm) Jul 25, 2025
ahacker1-securesaml cjbarth
A vulnerability has been identified in TIA Administrator (All versions < V3.0.6). The affected... Moderate Unreviewed
CVE-2025-23364 was published Jul 8, 2025
tiny-secp256k1 allows for verify() bypass when running in bundled environment High
CVE-2024-49365 was published for tiny-secp256k1 (npm) Jun 30, 2025
ChALkeR jprichardson
Improper signature verification in AMD CPU ROM microcode patch loader may allow an attacker with... Moderate Unreviewed
CVE-2024-36347 was published Jun 28, 2025
Quest KACE Systems Management Appliance (SMA) 13.0.x before 13.0.385, 13.1.x before 13.1.81, 13.2... Critical Unreviewed
CVE-2025-32977 was published Jun 26, 2025
rfc3161-client has insufficient verification for timestamp response signatures Critical
CVE-2025-52556 was published for rfc3161-client (pip) Jun 20, 2025
jku woodruffw
CIRCL-Fourq: Missing and wrong validation can lead to incorrect results Low
CVE-2025-8556 was published for github.com/cloudflare/circl (Go) Jun 10, 2025
Improper verification of cryptographic signature in App Control for Business (WDAC) allows an... Moderate Unreviewed
CVE-2025-33069 was published Jun 10, 2025
In IGEL OS before 11, Secure Boot can be bypassed because the igel-flash-driver module improperly... High Unreviewed
CVE-2025-47827 was published Jun 5, 2025
Deno's AES GCM authentication tags are not verified High
CVE-2025-24015 was published for deno (Rust) Jun 4, 2025
canislupaster
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database