GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
101
GitHub Actions
54
Go
4,282
Maven
5,000+
npm
5,000+
NuGet
1,029
pip
5,000+
Pub
13
RubyGems
1,105
Rust
1,490
Swift
61
Unreviewed advisories
All unreviewed
5,000+
238 advisories
Filter by severity
Better Auth has insecure cryptographic defaults in oidcProvider: alg=none advertised and plain PKCE accepted by default
High
GHSA-9h47-pqcx-hjr4
was published
for
better-auth
(npm)
Jul 7, 2026
The Setracker2 Android Companion App (com.tgelec.setracker) versions 3.1.5 and earlier uses MD5...
High
Unreviewed
CVE-2026-9221
was published
Jun 26, 2026
Use of weak SSH cryptographic algorithms in Canon EOS Network Setting Tool Version 1.5.0 or earlier
High
Unreviewed
CVE-2026-9261
was published
Jun 16, 2026
During an internal security assessment, a potential vulnerability was discovered in some ThinkPad...
High
Unreviewed
CVE-2025-10237
was published
Jun 10, 2026
Mercusys AC12G (EU) V1 router with firmware AC12G(EU)_V1_200909 uses a static authentication...
High
Unreviewed
CVE-2026-36609
was published
Jun 3, 2026
Netatalk 1.5.0 through 4.2.2 uses a broken cryptographic algorithm in the DHCAST128 UAM, which...
High
Unreviewed
CVE-2026-44053
was published
May 21, 2026
This vulnerability, in the MAXHUB Pivot client application versions
prior to v1.36.2, may allow...
High
Unreviewed
CVE-2026-6411
was published
May 8, 2026
SD-330AC and AMC Manager provided by silex technology, Inc. contain an issue with a use of a...
High
Unreviewed
CVE-2026-32959
was published
Apr 20, 2026
Apache Tomcat: Configured cipher preference order not preserved
High
CVE-2026-29129
was published
for
org.apache.tomcat.embed:tomcat-embed-core
(Maven)
Apr 9, 2026
LiteLLM: Password hash exposure and pass-the-hash authentication bypass
High
GHSA-69x8-hrgq-fjj8
was published
for
litellm
(pip)
Apr 8, 2026
The Semtech LR11xx LoRa transceivers implement secure boot functionality using digital signatures...
High
Unreviewed
CVE-2025-14859
was published
Apr 7, 2026
Ubiquiti UniFi Network Controller prior to 5.10.12 (excluding 5.6.42), UAP FW prior to 4.0.6, UAP...
High
Unreviewed
CVE-2019-25651
was published
Mar 28, 2026
AVideo has an unauthenticated decrypt oracle leaking any ciphertext
High
CVE-2026-33512
was published
for
wwbn/avideo
(Composer)
Mar 20, 2026
Use of a broken or risky cryptographic algorithm in Smart Switch prior to version 3.7.69.15...
High
Unreviewed
CVE-2026-20996
was published
Mar 16, 2026
Authlib Vulnerable to JWE RSA1_5 Bleichenbacher Padding Oracle
High
CVE-2026-28490
was published
for
authlib
(pip)
Mar 16, 2026
Striae has a hash validation utility vulnerability
High
CVE-2026-31839
was published
for
@striae-org/striae
(npm)
Mar 11, 2026
Use of a Broken or Risky Cryptographic Algorithm vulnerability in rustdesk-server-pro RustDesk...
High
Unreviewed
CVE-2026-3598
was published
Mar 5, 2026
Use of a Broken or Risky Cryptographic Algorithm vulnerability in rustdesk-client RustDesk Client...
High
Unreviewed
CVE-2026-30791
was published
Mar 5, 2026
Cohesity TranZman Migration Appliance Release 4.0 Build 14614 was discovered to use a weak...
High
Unreviewed
CVE-2025-63912
was published
Mar 3, 2026
OpenClaw replaced a deprecated sandbox hash algorithm
High
CVE-2026-28479
was published
for
openclaw
(npm)
Feb 19, 2026
A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation.
This...
High
Unreviewed
CVE-2025-66598
was published
Feb 9, 2026
A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation.
This...
High
Unreviewed
CVE-2025-66597
was published
Feb 9, 2026
Clatter has a PSK Validity Rule Violation issue
High
CVE-2026-24785
was published
for
clatter
(Rust)
Jan 28, 2026
Use of a Broken or Risky Cryptographic Algorithm (DES) vulnerability
in the Password class in...
High
Unreviewed
CVE-2025-58743
was published
Jan 21, 2026
A Use of a Broken or Risky Cryptographic Algorithm vulnerability in the TLS/SSL server of Juniper...
High
Unreviewed
CVE-2026-21907
was published
Jan 15, 2026
ProTip!
Advisories are also available from the
GraphQL API