Security advisories

2021 Advisories

Security advisory: YSA-2021-04

Input validation issues in libyubihsm

Security advisory: YSA-2021-03

Local PIN bypass in pam-u2f

Security advisory: YSA-2021-02

Denial of Service condition in yubihsm-connector

Security advisory: YSA-2021-01

Tailored Denial of Service Issues in yubihsm-shell

2020 Advisories

Security advisory: YSA-2020-06

Denial of service issues in yubihsm-shell

Security advisory: YSA-2020-04

Access code not checked for NDEF updates

Security advisory: YSA-2020-02, YSA-2020-3

Out of bounds read in libykpiv

Security advisory: YSA-2020-01

Insufficient data validation in yubikey-val

2019 Advisories

Security advisory: YSA-2019-02

Reduced initial randomness on FIPS keys

Security advisory: YSA-2019-01

Unchecked buffer in libu2f-host

2018 Advisories

Security advisory: YSA-2018-03

Unchecked buffer in libykpiv

Security advisory: YSA-2018-02

WebUSB bypass of U2F phishing protection

Security advisory: YSA-2018-01

Security issue with password protection in OATH Applet on YubiKey NEO

2017 Advisories

Security advisory: YSA-2017-01

Infineon weak RSA key generation

2015 Advisories

Security advisory: YSA-2015-1

YubiKey NEO OpenPGP PIN validation logic issue

Sign up to receive security advisories via email:

(Email notifications are sent only for High and Critical security issue ratings)

Join our newsletter

How we help

Connect and learn

Work with us

Hardware

YubiEnterprise services

Software

Discover the YubiKey

Initiatives

Use Cases

Technologies

Learn

Best practices

Customers

Get started

Services

Additional resources