Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

641 advisories

Loading
HAXcms: Private Key Disclosure via Broken HMAC Implementation Critical
CVE-2026-46395 was published for @haxtheweb/haxcms-nodejs (npm) May 19, 2026
shreyas-challa Credited to shreyas-challa
Sulu: Weak Cryptographical usage for API Key generation and Reset Tokens Moderate
CVE-2026-45701 was published for sulu/sulu (Composer) May 18, 2026
gangadhar-s-k Credited to gangadhar-s-k, mamazu, alexander-schranz, and Prokyonn mamazu mamazu
alexander-schranz alexander-schranz Prokyonn Prokyonn
Paramiko rsakey.py allows the SHA-1 algorithm Low
CVE-2026-44405 was published for paramiko (pip) May 6, 2026
Langchain-Chatchat Uses a Broken or Risky Cryptographic Algorithm Low
CVE-2026-7845 was published for langchain-chatchat (pip) May 5, 2026
Gitea has insecure default SSH settings Moderate
GHSA-3m6q-h5gj-7mrw was published for code.gitea.io/gitea (Go) Apr 22, 2026
gnzsnz Credited to gnzsnz
Flowise: Weak Default JWT Secrets Moderate
GHSA-cc4f-hjpj-g9p8 was published for flowise (npm) Apr 16, 2026
kolega-ai-dev Credited to kolega-ai-dev
Bouncy Castle Crypto Package For Java: Use of a Broken or Risky Cryptographic Algorithm vulnerability in bcpkix modules Moderate
CVE-2026-5588 was published for org.bouncycastle:bcpkix-debug-jdk14 (Maven) Apr 15, 2026
Apache Tomcat: Configured cipher preference order not preserved High
CVE-2026-29129 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) Apr 9, 2026
aruneko Credited to aruneko
ProTip! Advisories are also available from the GraphQL API