Security advisories
2025 Advisories
Security advisory: YSA-2025-02
FIDO PIN/UV Auth Protocol Two Out of Conformance
Security advisory: YSA-2025-01
Partial Authentication Bypass in pam-u2f Software Package
2024 Advisories
Security advisory: YSA-2024-03
Infineon ECDSA Private Key Recovery
Security advisory: YSA-2024-02
FIDO Relying Party Enumeration
Security advisory: YSA-2024-01
YubiKey Manager Privilege Escalation
2023 Advisories
Security advisory: YSA-2023-01
YubiHSM 2 SDK uninitialized memory read in the PKCS11 module
2022 Advisories
None
2021 Advisories
Security advisory: YSA-2021-04
Input validation issues in libyubihsm
Security advisory: YSA-2021-03
Local PIN bypass in pam-u2f
Security advisory: YSA-2021-02
Denial of Service condition in yubihsm-connector
Security advisory: YSA-2021-01
Tailored Denial of Service Issues in yubihsm-shell
2020 Advisories
Security advisory: YSA-2020-06
Denial of service issues in yubihsm-shell
Security advisory: YSA-2020-04
Access code not checked for NDEF updates
Security advisory: YSA-2020-02, YSA-2020-3
Out of bounds read in libykpiv
Security advisory: YSA-2020-01
Insufficient data validation in yubikey-val
2019 Advisories
Security advisory: YSA-2019-02
Reduced initial randomness on FIPS keys
Security advisory: YSA-2019-01
Unchecked buffer in libu2f-host
2018 Advisories
Security advisory: YSA-2018-03
Unchecked buffer in libykpiv
Security advisory: YSA-2018-02
WebUSB bypass of U2F phishing protection
Security advisory: YSA-2018-01
Security issue with password protection in OATH Applet on YubiKey NEO
2017 Advisories
Security advisory: YSA-2017-01
Infineon weak RSA key generation
2015 Advisories
Security advisory: YSA-2015-1
YubiKey NEO OpenPGP PIN validation logic issue
Read more on how Yubico rates the severity of security issues.
Sign up to receive security advisories via email:
(Email notifications are sent only for High and Critical security issue ratings)