GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

162 advisories

samlify SAML Signature Wrapping attack Critical
CVE-2025-47949 was published for samlify (npm) May 19, 2025
ahacker1-securesaml
OpenPGP.js's message signature verification can be spoofed High
CVE-2025-47934 was published for openpgp (npm) May 19, 2025
CodeanIO
Passport-wsfed-saml2 allows SAML Authentication Bypass via Signature Wrapping Critical
CVE-2025-46572 was published for passport-wsfed-saml2 (npm) May 6, 2025
MinIO performs incomplete signature validation for unsigned-trailer uploads High
CVE-2025-31489 was published for github.com/minio/minio (Go) Apr 4, 2025
owainkenwayucl AndEsterson harshavardhana
xml-crypto Vulnerable to XML Signature Verification Bypass via DigestValue Comment Critical
CVE-2025-29775 was published for xml-crypto (npm) Mar 14, 2025
ahacker1-securesaml marktran mattgd blairworkos mthadley nickcollisson-workos latacora-paul
xml-crypto Vulnerable to XML Signature Verification Bypass via Multiple SignedInfo References Critical
CVE-2025-29774 was published for xml-crypto (npm) Mar 14, 2025
mattgd blairworkos mthadley nickcollisson-workos latacora-paul ahacker1-securesaml marktran
Ed25519 Signature Malleability in ed25519-java Due to Missing Scalar Range Check Moderate
CVE-2020-36843 was published for net.i2p.crypto:eddsa (Maven) Mar 13, 2025
Malayke
Ruby SAML allows a SAML authentication bypass due to namespace handling (parser differential) Critical
CVE-2025-25292 was published for ruby-saml (RubyGems) Mar 12, 2025
p-
Ruby SAML allows a SAML authentication bypass due to DOCTYPE handling (parser differential) Critical
CVE-2025-25291 was published for ruby-saml (RubyGems) Mar 12, 2025
ahacker1-securesaml
omniauth-saml has dependency on ruby-saml version with Signature Wrapping Attack issue Critical
GHSA-hw46-3hmr-x9xv was published for omniauth-saml (RubyGems) Mar 12, 2025
The SimpleSAMLphp SAML2 library incorrectly verifies signatures for HTTP-Redirect binding High
CVE-2025-27773 was published for simplesamlphp/saml2 (Composer) Mar 11, 2025
ahacker1-securesaml ZeiP
Microsoft Security Advisory CVE-2025-24043 | WinDbg Remote Code Execution Vulnerability High
CVE-2025-24043 was published for dotnet-debugger-extensions (NuGet) Mar 7, 2025
hoyosjs
AEADs/ascon-aead: Plaintext exposed in decrypt_in_place_detached even on tag verification failure Moderate
CVE-2025-27498 was published for ascon_aead (Rust) Mar 3, 2025
thealtofwar
LTI JupyterHub Authenticator does not properly validate JWT Signature Critical
CVE-2023-25574 was published for jupyterhub-ltiauthenticator (pip) Feb 25, 2025
consideRatio
Home Assistant does not correctly validate SSL for outgoing requests in core and used libs High
CVE-2025-25305 was published for homeassistant (pip) Feb 18, 2025
ReneNulschDE
ismp-grandpa crate accepted incorrect signatures Critical
CVE-2025-24800 was published for grandpa-verifier (Rust) Jan 28, 2025
matrix-sdk-crypto missing facility to signal rotation of a verified cryptographic identity Moderate
CVE-2024-52813 was published for matrix-sdk-crypto (Rust) Jan 7, 2025
sigstore-java has vulnerability with bundle verification Moderate
CVE-2024-53267 was published for dev.sigstore:sigstore-java (Maven) Nov 26, 2024
loosebazooka
Bad documentation of error handling in ParseWithClaims can lead to potentially dangerous situations Low
CVE-2024-51744 was published for github.com/golang-jwt/jwt/v4 (Go) Nov 4, 2024
yuligesec
Laravel Reverb Missing API Signature Verification High
CVE-2024-50347 was published for laravel/reverb (Composer) Oct 31, 2024
RobertBoes
Agent Dart is missing certificate verification checks High
CVE-2024-48915 was published for agent_dart (Pub) Oct 15, 2024
eduarddfinity AlexV525
Valid ECDSA signatures erroneously rejected in Elliptic Low
CVE-2024-48948 was published for elliptic (npm) Oct 15, 2024
martincostello IchordeDionysos
Improper Verification of SAML Responses Leading to Privilege Escalation in Keycloak High
CVE-2024-8698 was published for org.keycloak:keycloak-saml-core (Maven) Oct 14, 2024
Chetven
SSOReady has an XML Signature Bypass via differential XML parsing Critical
CVE-2024-47832 was published for github.com/ssoready/ssoready (Go) Oct 11, 2024
ahacker1-securesaml