GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
8 advisories
simplesamlphp/xml-security: Missing AES-GCM Authentication Tag Validation on Encrypted Nodes Allows for Unauthorized Decryption
High
CVE-2026-32600
was published
for
simplesamlphp/xml-security
(Composer)
Mar 13, 2026
xmlseclibs: Missing AES-GCM Authentication Tag Validation on Encrypted Nodes Allows for Unauthorized Decryption
High
CVE-2026-32313
was published
for
robrichards/xmlseclibs
(Composer)
Mar 13, 2026
auth0/node-jws Improperly Verifies HMAC Signature
High
CVE-2025-65945
was published
for
jws
(npm)
Dec 4, 2025
JWE is missing AES-GCM authentication tag validation in encrypted JWE
Critical
CVE-2025-54887
was published
for
jwe
(RubyGems)
Aug 7, 2025
laravel-auth0 SDK Vulnerable to Brute Force Authentication Tags of CookieStore Sessions
Critical
GHSA-9fwj-9mjf-rhj3
was published
for
auth0/login
(Composer)
May 17, 2025
Auth0 Wordpress plugin Vulnerable to Brute Force Authentication Tags of CookieStore Sessions
Critical
GHSA-2f4r-34m4-3w8q
was published
for
auth0/wordpress
(Composer)
May 17, 2025
Auth0 Symfony SDK Vulnerable to Brute Force Authentication Tags of CookieStore Sessions
Critical
GHSA-9wg9-93h9-j8ch
was published
for
auth0/symfony
(Composer)
May 17, 2025
Brute Force Authentication Tags of CookieStore Sessions in Auth0-PHP SDK
Critical
CVE-2025-47275
was published
for
auth0/auth0-php
(Composer)
May 16, 2025
ProTip!
Advisories are also available from the
GraphQL API