Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

641 advisories

Loading
LiteLLM: Password hash exposure and pass-the-hash authentication bypass High
GHSA-69x8-hrgq-fjj8 was published for litellm (pip) Apr 8, 2026
rtvkiz Credited to rtvkiz
AVideo has an unauthenticated decrypt oracle leaking any ciphertext High
CVE-2026-33512 was published for wwbn/avideo (Composer) Mar 20, 2026
Ahmad-jarwan Credited to Ahmad-jarwan
MinIO has JWT Algorithm Confusion in OIDC Authentication Critical
CVE-2026-33322 was published for github.com/minio/minio (Go) Mar 19, 2026
KoreaSecurity Credited to KoreaSecurity, donatello, harshavardhana, and taran-p donatello donatello
harshavardhana harshavardhana taran-p taran-p
Authlib Vulnerable to JWE RSA1_5 Bleichenbacher Padding Oracle High
CVE-2026-28490 was published for authlib (pip) Mar 16, 2026
Pr00fOf3xpl0it Credited to Pr00fOf3xpl0it and Jaynornj Jaynornj Jaynornj
Striae has a hash validation utility vulnerability High
CVE-2026-31839 was published for @striae-org/striae (npm) Mar 11, 2026
StephenJLu Credited to StephenJLu
IBM MQ Appliance 9.4 CD through 9.4.4.0 to 9.4.4.1 Moderate Unreviewed
CVE-2025-14456 was published Mar 3, 2026
Parse Server: Account takeover via JWT algorithm confusion in Google auth adapter Critical
CVE-2026-27804 was published for parse-server (npm) Feb 25, 2026
sebastianosrt Credited to sebastianosrt and mtrezza mtrezza mtrezza
OpenClaw replaced a deprecated sandbox hash algorithm High
CVE-2026-28479 was published for openclaw (npm) Feb 19, 2026
kexinoh Credited to kexinoh
ProTip! Advisories are also available from the GraphQL API