Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
40
GitHub Actions
40
Go
2,974
Maven
5,000+
npm
4,621
NuGet
788
pip
4,317
Pub
12
RubyGems
984
Rust
1,131
Swift
49
Unreviewed advisories
All unreviewed
5,000+

562 advisories

Loading
Bug-Fixes in `libcrux-ecdh`, `libcrux-ed25519`, `libcrux-psq` Moderate
GHSA-435g-fcv3-8j26 was published for libcrux-ecdh (Rust) Feb 12, 2026
nadimkobeissi
Credited to nadimkobeissi
newbee-mall stores and verifies user passwords using an unsalted MD5 hashing algorithm. The... Critical Unreviewed
CVE-2026-26219 was published Feb 12, 2026
A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. This... High Unreviewed
CVE-2025-66597 was published Feb 9, 2026
A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. This... High Unreviewed
CVE-2025-66598 was published Feb 9, 2026
EVE Seals Vault Key With SHA1 PCRs Moderate
CVE-2023-43635 was published for github.com/lf-edge/eve (Go) Feb 4, 2026
An issue in N3uron Web User Interface v.1.21.7-240207.1047 allows a remote attacker to escalate... Critical Unreviewed
CVE-2025-69929 was published Jan 29, 2026
Clatter has a PSK Validity Rule Violation issue High
CVE-2026-24785 was published for clatter (Rust) Jan 28, 2026
twisteroidambassador
Credited to twisteroidambassador
Use of a Broken or Risky Cryptographic Algorithm vulnerability in Salesforce Marketing Cloud... Critical Unreviewed
CVE-2026-22585 was published Jan 24, 2026
Use of a Broken or Risky Cryptographic Algorithm (DES) vulnerability in the Password class in... High Unreviewed
CVE-2025-58743 was published Jan 21, 2026
A Use of a Broken or Risky Cryptographic Algorithm vulnerability in the TLS/SSL server of Juniper... High Unreviewed
CVE-2026-21907 was published Jan 15, 2026
Use of a broken or risky cryptographic algorithm in Windows Kerberos allows an authorized... Moderate Unreviewed
CVE-2026-20833 was published Jan 13, 2026
Jervis's AES CBC Mode is Without Authentication High
CVE-2025-68931 was published for net.gleske:jervis (Maven) Jan 13, 2026
Jervis Has a SHA-256 Hex String Padding Bug High
CVE-2025-68702 was published for net.gleske:jervis (Maven) Jan 13, 2026
Jervis has Deterministic AES IV Derivation from Passphrase High
CVE-2025-68701 was published for net.gleske:jervis (Maven) Jan 13, 2026
Jervis Has a RSA PKCS#1 Padding Vulnerability High
CVE-2025-68698 was published for net.gleske:jervis (Maven) Jan 13, 2026
jose-swift has JWT Signature Verification Bypass via None Algorithm High
GHSA-88q6-jcjg-hvmw was published for github.com/beatt83/jose-swift (Swift) Jan 9, 2026
snyff
Credited to snyff
A vulnerability in the SSH server of TP-Link TL-WR820N v2.80 allows the use of a weak... Moderate Unreviewed
CVE-2025-14175 was published Dec 29, 2025
A cryptography vulnerability in Kentico Xperience allows attackers to potentially manipulate URL... Moderate Unreviewed
CVE-2021-47712 was published Dec 18, 2025
AWS SDK for PHP's S3 Encryption Client has a Key Commitment Issue Moderate
CVE-2025-14761 was published for aws/aws-sdk-php (Composer) Dec 18, 2025
AWS SDK for Ruby's S3 Encryption Client has a Key Commitment Issue Moderate
CVE-2025-14762 was published for aws-sdk-s3 (RubyGems) Dec 18, 2025
Amazon S3 Encryption Client has a Key Commitment Issue Moderate
CVE-2025-14764 was published for github.com/aws/amazon-s3-encryption-client-go/v3 (Go) Dec 18, 2025
Amazon S3 Encryption Client for Java has a Key Commitment Issue Moderate
CVE-2025-14763 was published for software.amazon.encryption.s3:amazon-s3-encryption-client-java (Maven) Dec 18, 2025
Amazon S3 Encryption Client for .NET has a Key Commitment Issue Moderate
CVE-2025-14759 was published for Amazon.Extensions.S3.Encryption (NuGet) Dec 18, 2025
A security flaw has been discovered in Tenda AX9 22.03.01.46. This affects the function... Moderate Unreviewed
CVE-2025-14636 was published Dec 13, 2025
Apache StreamPark uses a Weak Encryption Algorithm High
CVE-2025-54981 was published for org.apache.streampark:streampark (Maven) Dec 12, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database