Skip to content
  • Contact Sales
  • Resellers
  • Support
Yubico Header Text Logo
Why Yubicoexpand_more
Why Yubico
  • Enterprises
  • SMBs
  • Individuals
  • Developers
  • Careers
  • Partner programs
  • Contact Sales
  • Events
  • Press room
  • About us
  • The team
  • Investors
  • Innovation history
  • Secure it Forward
Easy-to-use, secure authenticationWith YubiKey there’s no tradeoff between great security and usabilityWhy YubiKey Proven at scale at GoogleGoogle defends against account takeovers and reduces IT costsGoogle Case Study Protecting vulnerable organizationsSecure it Forward: Yubico matches up to 5% of the number of YubiKeys purchased on Yubico.comSecure it Forward
Productsexpand_more
All products
  • YubiKey 5 Series
  • YubiKey 5 FIPS Series
  • YubiKey Bio Series
  • Security Key Series
  • YubiHSM 2 & YubiHSM 2 FIPS
  • YubiKey as a Service
  • YubiEnterprise Delivery
  • Yubico Enrollment Suite
  • YubiCloud
  • Yubico Authenticator
  • Computer login tools
  • Software Development Toolkits
  • Using YubiKey is easy
  • Find the right YubiKey
  • Works with YubiKey
  • Compare YubiKeys
One key for hundreds of apps and servicesYubiKey works out-of-the-box and has no client software or batteryYubico protects you See YubiKeys as a ServiceYubiKey as a Service delivers scale and savingsGain a future-proofed solution and faster MFA rolloutsYubiKey as a Service
Solutionsexpand_more
Solutions overview
  • Zero Trust
  • Executive Order OMB M-22-09
  • Phishing-resistant MFA
  • Passwordless
  • Compliance
  • Cyber Insurance
  • Critical infrastructure
  • Secure supply chain
  • Protect call centers
  • Hybrid & remote workers
  • Secure privileged users
  • Mobile restricted environments
  • Shared workstations
  • Microsoft ecosystem
  • Salesforce workspace
  • IAM solutions
  • AWS environment
  • HYPR experience
  • Okta identity solutions
The Bridge to PasswordlessBegin the journey to make your organization passwordless Get the white paper Accelerate your Zero Trust Strategy7 best authentication practices to jumpstart your Zero Trust programGet the white paper Federal cybersecurity requirements Guidance for leaders to prepare for the modern cyber threat eraGet the white paper
Industriesexpand_more
Industries overview
  • High tech
  • Federal government
  • Department of Defense
  • Federal systems integrators
  • State & local government
  • Education
  • Financial services
  • Retail & hospitality
  • Telecommunications
  • Healthcare
  • Pharmaceuticals
  • Cryptocurrency
  • Energy & natural resources
  • Manufacturing
  • Elections & campaigns
  • Insurance organizations
Manufacturing and supply chain security Authentication best practices for manufacturingGet the white paper Phishing-resistant MFA: Fact vs. FictionMeet requirements for phishing-resistant MFA in OMB M-22-09 guidelinesGet the white paper Secure energy and natural resources from cyber threats Best practices for phishing-resistant MFA to protect infrastructureGet the white paper
Resourcesexpand_more
All resources
  • Yubico Blog
  • Cybersecurity glossary
  • Authentication standards
  • Resource library
  • Developer program
  • Product briefs
  • Solution briefs
  • Passkeys
  • Case studies
  • Get a pilot started
  • White papers and reports
  • Webinars
BeyondTrust: secured with a subscriptionPrivileged Access Management leader simplifies deploymentSee case study S&P Global Market Intelligence report: old habits die hardOnly 46% of orgs protect their applications with MFA. How about yours?Read the report Considering Passkeys for your Enterprise?Learn how to avoid common passkey pitfallsVisit Passkey Hub
Supportexpand_more
Support home
  • Find the right YubiKey
  • Set up your YubiKey
  • Downloads
  • Product documentation
  • Support articles
  • Support Services
  • Professional Services
  • YubiKey as a Service
  • Works with YubiKey Program
  • Buying and shipping information
  • Security advisories
  • Help center
How to set up your YubiKeyFollow our guided tutorials to start protecting your servicesSet up your YubiKey Find the best YubiKey for your needsTake the guided quiz and see which YubiKeys fit your needsTake the quiz Accelerate your YubiKey deploymentTechnical and operational guidance for your YubiKey rolloutProfessional Services
SubscribeStore
  • Security advisories

    Home » Support » Security advisories

    2025 Advisories

    Security advisory: YSA-2025-02

    FIDO PIN/UV Auth Protocol Two Out of Conformance

    Security advisory: YSA-2025-01

    Partial Authentication Bypass in pam-u2f Software Package


    2024 Advisories

    Security advisory: YSA-2024-03

    Infineon ECDSA Private Key Recovery

    Security advisory: YSA-2024-02

    FIDO Relying Party Enumeration

    Security advisory: YSA-2024-01

    YubiKey Manager Privilege Escalation


    2023 Advisories

    Security advisory: YSA-2023-01

    YubiHSM 2 SDK uninitialized memory read in the PKCS11 module


    2022 Advisories

    None


    2021 Advisories

    Security advisory: YSA-2021-04

    Input validation issues in libyubihsm

    Security advisory: YSA-2021-03

    Local PIN bypass in pam-u2f

    Security advisory: YSA-2021-02

    Denial of Service condition in yubihsm-connector

    Security advisory: YSA-2021-01

    Tailored Denial of Service Issues in yubihsm-shell


    2020 Advisories

    Security advisory: YSA-2020-06

    Denial of service issues in yubihsm-shell

    Security advisory: YSA-2020-04

    Access code not checked for NDEF updates

    Security advisory: YSA-2020-02, YSA-2020-3

    Out of bounds read in libykpiv

    Security advisory: YSA-2020-01

    Insufficient data validation in yubikey-val


    2019 Advisories

    Security advisory: YSA-2019-02

    Reduced initial randomness on FIPS keys

    Security advisory: YSA-2019-01

    Unchecked buffer in libu2f-host


    2018 Advisories

    Security advisory: YSA-2018-03

    Unchecked buffer in libykpiv

    Security advisory: YSA-2018-02

    WebUSB bypass of U2F phishing protection

    Security advisory: YSA-2018-01

    Security issue with password protection in OATH Applet on YubiKey NEO


    2017 Advisories

    Security advisory: YSA-2017-01

    Infineon weak RSA key generation


    2015 Advisories

    Security advisory: YSA-2015-1

    YubiKey NEO OpenPGP PIN validation logic issue


    Read more on how Yubico rates the severity of security issues.

    Sign up to receive security advisories via email:

    (Email notifications are sent only for High and Critical security issue ratings)

    Join our newsletterJoin our newsletter

     Security advisories RSS feed

Yubico Text Logo
  • RSS Feed
  • X
  • LinkedIn
  • Facebook
  • Instagram
  • YouTube
  • GitHub
  • Product finder quiz
  • Find set-up guides
  • Buy online
  • Contact sales
  • Get Yubico updates
  • Careers
  • Events
  • Press room
  • About us
  • Investors
  • Partner programs
  • YubiKey 5 Series
  • YubiKey 5 FIPS Series
  • YubiKey Bio Series
  • Security Key Series
  • YubiHSM 2 & YubiHSM 2 FIPS
  • Yubico Authenticator
  • Zero Trust
  • Phishing-resistant MFA
  • Passwordless
  • Cyber insurance
  • More solutions
  • Industries overview
  • Yubico blog
  • Resource library
  • Cybersecurity glossary
  • Authentication standards
  • Developer program
  • Works with YubiKey
  • Help center
  • Downloads
  • Product documentation
  • Support Services
  • Professional Services
  • Contact support
Yubico © 2025 All Rights Reserved.
  • Sitemap
  • Cookies
  • Legal
  • Privacy
  • Patents
  • Terms of use
  • Trust