GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
101
GitHub Actions
54
Go
4,282
Maven
5,000+
npm
5,000+
NuGet
1,029
pip
5,000+
Pub
13
RubyGems
1,105
Rust
1,490
Swift
61
Unreviewed advisories
All unreviewed
5,000+
641 advisories
Filter by severity
Better Auth has insecure cryptographic defaults in oidcProvider: alg=none advertised and plain PKCE accepted by default
High
GHSA-9h47-pqcx-hjr4
was published
for
better-auth
(npm)
Jul 7, 2026
A vulnerability was determined in langchain-ai langgraph up to 1.2.4. The affected element is the...
Low
Unreviewed
CVE-2026-14742
was published
Jul 5, 2026
A security flaw has been discovered in exo-explore exo up to 1.0.71. Affected is the function...
Low
Unreviewed
CVE-2026-14738
was published
Jul 5, 2026
Oclean Mobile Application 2.1.2 communicates with an external website using HTTP so it is...
High
Unreviewed
CVE-2020-25493
was published
May 24, 2022
A Broken or Risky Cryptographic Algorithm exists in AnonAddy 0.8.5 via VerificationController.php.
Critical
Unreviewed
CVE-2021-42216
was published
Dec 16, 2021
Bleichenbacher's attack on PKCS #1 v1.5 padding for RSA in Microchip Libraries for Applications...
Moderate
Unreviewed
CVE-2020-20950
was published
May 24, 2022
Bleichenbacher's attack on PKCS #1 v1.5 padding for RSA in STM32 cryptographic firmware library...
Moderate
Unreviewed
CVE-2020-20949
was published
May 24, 2022
A vulnerability has been found in ForceInjection AI-fundermentals 2.0/3.0. Affected by this...
Low
Unreviewed
CVE-2026-14630
was published
Jul 4, 2026
Steeltoe: OAEP setting silently selects PKCS#1 v1.5 padding
Low
CVE-2026-50268
was published
for
Steeltoe.Configuration.Encryption
(NuGet)
Jul 2, 2026
SurrealDB: ES512 silently downgraded to ES384 due to jsonwebtoken crate limitation
Moderate
GHSA-fwg2-gr34-q3w8
was published
for
surrealdb
(Rust)
Jul 1, 2026
Strapi users-permissions plugin fails to restrict JWT algorithms when plugin::users-permissions...
Moderate
Unreviewed
CVE-2026-57997
was published
Jun 30, 2026
A vulnerability was found in SimStudioAI sim up to 0.6.92. Affected by this vulnerability is an...
Low
Unreviewed
CVE-2026-13510
was published
Jun 29, 2026
A vulnerability was detected in skypilot-org skypilot up to 0.12.0. Impacted is the function...
Low
Unreviewed
CVE-2026-13482
was published
Jun 28, 2026
Certificate policy and RFC 8446 compliance concerns regarding the continued acceptance of SHA-1...
Low
Unreviewed
CVE-2026-6412
was published
Jun 25, 2026
The ML-KEM ARM64 NEON ciphertext comparison only compares half of the input, breaking the...
Moderate
Unreviewed
CVE-2026-6330
was published
Jun 26, 2026
ML-KEM-1024 x64 AVX2 implicit rejection failure in the Fujisaki-Okamoto transform breaks IND-CCA2...
Moderate
Unreviewed
CVE-2026-10097
was published
Jun 25, 2026
The Setracker2 Android Companion App (com.tgelec.setracker) versions 3.1.5 and earlier uses MD5...
High
Unreviewed
CVE-2026-9221
was published
Jun 26, 2026
CoreWCF: WS-Security Reference DigestMethod Algorithm-Suite Bypass
Low
CVE-2026-54780
was published
for
CoreWCF.Primitives
(NuGet)
Jun 19, 2026
Dell PowerFlex Manager, version(s) 4.6.0.1, contain(s) an Use of a Broken or Risky Cryptographic...
Moderate
Unreviewed
CVE-2026-40641
was published
Jun 17, 2026
Use of weak SSH cryptographic algorithms in Canon EOS Network Setting Tool Version 1.5.0 or earlier
High
Unreviewed
CVE-2026-9261
was published
Jun 16, 2026
The Aqara IAM/SSO gateway (gw-builder.aqara.com) exposes bidirectional AES round-trups against...
Critical
Unreviewed
CVE-2026-50086
was published
Jun 12, 2026
Wss4jSecurityInterceptor defaulted allowRSA15KeyTransportAlgorithm to true, overriding Apache...
Moderate
Unreviewed
CVE-2026-40996
was published
Jun 11, 2026
During an internal security assessment, a potential vulnerability was discovered in some ThinkPad...
High
Unreviewed
CVE-2025-10237
was published
Jun 10, 2026
HAXcms: Private Key Disclosure via Broken HMAC Implementation
Critical
CVE-2026-46395
was published
for
@haxtheweb/haxcms-nodejs
(npm)
May 19, 2026
Sulu: Weak Cryptographical usage for API Key generation and Reset Tokens
Moderate
CVE-2026-45701
was published
for
sulu/sulu
(Composer)
May 18, 2026
ProTip!
Advisories are also available from the
GraphQL API