GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
101
GitHub Actions
54
Go
4,282
Maven
5,000+
npm
5,000+
NuGet
1,029
pip
5,000+
Pub
13
RubyGems
1,105
Rust
1,490
Swift
61
Unreviewed advisories
All unreviewed
5,000+
641 advisories
Filter by severity
LiteLLM: Password hash exposure and pass-the-hash authentication bypass
High
GHSA-69x8-hrgq-fjj8
was published
for
litellm
(pip)
Apr 8, 2026
The Semtech LR11xx LoRa transceivers implement secure boot functionality using digital signatures...
High
Unreviewed
CVE-2025-14859
was published
Apr 7, 2026
fast-jwt: Incomplete fix for CVE-2023-48223: JWT Algorithm Confusion via Whitespace-Prefixed RSA Public Key
Critical
CVE-2026-34950
was published
for
fast-jwt
(npm)
Apr 2, 2026
IBM Aspera Shares 1.9.9 through 1.11.0 uses weaker than expected cryptographic algorithms that...
Moderate
Unreviewed
CVE-2025-13916
was published
Apr 1, 2026
Ubiquiti UniFi Network Controller prior to 5.10.12 (excluding 5.6.42), UAP FW prior to 4.0.6, UAP...
High
Unreviewed
CVE-2019-25651
was published
Mar 28, 2026
AVideo has an unauthenticated decrypt oracle leaking any ciphertext
High
CVE-2026-33512
was published
for
wwbn/avideo
(Composer)
Mar 20, 2026
MinIO has JWT Algorithm Confusion in OIDC Authentication
Critical
CVE-2026-33322
was published
for
github.com/minio/minio
(Go)
Mar 19, 2026
Use of a broken or risky cryptographic algorithm in Smart Switch prior to version 3.7.69.15...
High
Unreviewed
CVE-2026-20996
was published
Mar 16, 2026
Authlib Vulnerable to JWE RSA1_5 Bleichenbacher Padding Oracle
High
CVE-2026-28490
was published
for
authlib
(pip)
Mar 16, 2026
A Use of a Broken or Risky Cryptographic Algorithm vulnerability in Trane Tracer SC, Tracer SC+,...
Critical
Unreviewed
CVE-2026-28252
was published
Mar 12, 2026
Striae has a hash validation utility vulnerability
High
CVE-2026-31839
was published
for
@striae-org/striae
(npm)
Mar 11, 2026
An unauthenticated remote attacker can use firmware images to extract password hashes and brute...
Moderate
Unreviewed
CVE-2025-41711
was published
Mar 10, 2026
Rakuten Viber Cloak mode in Android v25.7.2.0g and Windows v25.6.0.0–v25.8.1.0 uses a static and...
Critical
Unreviewed
CVE-2025-13476
was published
Mar 5, 2026
Use of a Broken or Risky Cryptographic Algorithm vulnerability in rustdesk-server-pro RustDesk...
High
Unreviewed
CVE-2026-3598
was published
Mar 5, 2026
Use of a Broken or Risky Cryptographic Algorithm vulnerability in rustdesk-client RustDesk Client...
High
Unreviewed
CVE-2026-30791
was published
Mar 5, 2026
A vulnerability has been identified in the wireless encryption handling of Wi-Fi transmissions. A...
Moderate
Unreviewed
CVE-2026-23601
was published
Mar 4, 2026
IBM MQ Appliance 9.4 CD through 9.4.4.0 to 9.4.4.1
Moderate
Unreviewed
CVE-2025-14456
was published
Mar 3, 2026
IBM Aspera faspio Gateway 1.3.6 uses weaker than expected cryptographic algorithms that could...
Moderate
Unreviewed
CVE-2025-14480
was published
Mar 3, 2026
Cohesity TranZman Migration Appliance Release 4.0 Build 14614 was discovered to use a weak...
High
Unreviewed
CVE-2025-63912
was published
Mar 3, 2026
An attacker may exploit the use of weak CBC-based cipher suites in the device’s SSH service to...
Moderate
Unreviewed
CVE-2026-1626
was published
Feb 27, 2026
An attacker may exploit the use of outdated and weak MAC algorithms in the device’s SSH service...
Moderate
Unreviewed
CVE-2026-1627
was published
Feb 27, 2026
An authentication bypass vulnerability exists in Copeland XWEB Pro
version 1.12.1 and prior,...
Critical
Unreviewed
CVE-2026-21718
was published
Feb 27, 2026
Parse Server: Account takeover via JWT algorithm confusion in Google auth adapter
Critical
CVE-2026-27804
was published
for
parse-server
(npm)
Feb 25, 2026
OpenClaw replaced a deprecated sandbox hash algorithm
High
CVE-2026-28479
was published
for
openclaw
(npm)
Feb 19, 2026
IBM Concert 1.0.0 through 2.1.0 uses weaker than expected cryptographic algorithms that could...
Moderate
Unreviewed
CVE-2024-43178
was published
Feb 17, 2026
ProTip!
Advisories are also available from the
GraphQL API