Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

57 advisories

Loading
tonghuaroot Credited to tonghuaroot
OpenAM Account Takeover via Unverified Password Change in OAuth2 Module High
CVE-2026-46623 was published for org.openidentityplatform.openam:openam-auth-oauth2 (Maven) Jun 26, 2026
wodzen Credited to wodzen
ruby-jwt: Empty-key HMAC bypass; cross-language sibling of CVE-2026-44351 High
CVE-2026-45363 was published for jwt (RubyGems) May 18, 2026
SnailSploit Credited to SnailSploit, perryn, evansalter, and canderson-activatecare perryn perryn
evansalter evansalter canderson-activatecare canderson-activatecare
slack-go `SecretsVerifier` accepts empty signing secret without precondition Moderate
GHSA-gxhx-2686-5h9g was published for github.com/slack-go/slack (Go) May 14, 2026
SnailSploit Credited to SnailSploit and massif-01 massif-01 massif-01
fast-jwt: JWT auth bypass due to empty HMAC secret accepted by async key resolver Critical
CVE-2026-44351 was published for fast-jwt (npm) May 6, 2026
bhaswanthc Credited to bhaswanthc and SociableSteve SociableSteve SociableSteve
OpenMQ exposes a TCP-based management service (imqbrokerd) that by default requires... Critical Unreviewed
CVE-2026-22886 was published Mar 3, 2026
ProTip! Advisories are also available from the GraphQL API