GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
412 advisories

Dell Command | Update, Dell Update, and Alienware Update versions prior to 4.7 contain an improper...
High, Unreviewed. CVE-2022-34459 was published Feb 1, 2023

The Robot application in Ip-label Newtest before v8.5R0 was discovered to use weak signature...
Critical, Unreviewed. CVE-2022-23334 was published Jan 30, 2023

CRYSTALS-DILITHIUM (in Post-Quantum Cryptography Selected Algorithms 2022) in PQClean d03da30 may...
High, Unreviewed. CVE-2023-24025 was published Jan 20, 2023

Cargo did not verify SSH host keys
Moderate. CVE-2022-46176 was published for cargo (Rust) Jan 10, 2023

go-saml's XML Digital Signatures use SHA-1
Moderate. CVE-2020-36563 was published for github.com/RobotsAndPencils/go-saml (Go) Dec 28, 2022

go-resolver's DNSSEC validation not performed correctly
High. CVE-2022-3347 was published for github.com/peterzen/goresolver (Go) Dec 28, 2022

jsonwebtoken vulnerable to signature validation bypass due to insecure default algorithm in jwt.verify()
Moderate. CVE-2022-23540 was published for jsonwebtoken (npm) Dec 22, 2022

An unprotected memory-access operation in optee_os in TrustedFirmware Open Portable Trusted...
Moderate, Unreviewed. CVE-2022-47549 was published Dec 19, 2022

Tendermint light client verification not taking into account chain ID
Moderate. CVE-2022-23507 was published for tendermint-light-client (Rust) Dec 14, 2022

A CWE-347: Improper Verification of Cryptographic Signature vulnerability exists in the...
High, Unreviewed. CVE-2022-41669 was published Nov 4, 2022

A CWE-347: Improper Verification of Cryptographic Signature vulnerability exists that allows...
High, Unreviewed. CVE-2022-41666 was published Nov 4, 2022

acryl-datahub missing JWT signature check
Critical. CVE-2022-39366 was published for acryl-datahub (pip) Oct 31, 2022

Signature bypass via multiple root elements
High. CVE-2022-39300 was published for node-saml (npm) Oct 12, 2022

Signature bypass via multiple root elements
High. CVE-2022-39299 was published for @node-saml/node-saml (npm) Oct 12, 2022

A vulnerability in the software image verification functionality of Cisco IOS XE Software for...
Moderate, Unreviewed. CVE-2022-20944 was published Oct 11, 2022

An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x...
Moderate, Unreviewed. CVE-2022-42010 was published Oct 10, 2022

SIF's Digital Signature Hash Algorithms Not Validated
Moderate. CVE-2022-39237 was published for github.com/sylabs/sif/v2 (Go) Oct 6, 2022

secp256k1-js implements ECDSA without required r and s validation, leading to signature forgery
High. CVE-2022-41340 was published for @lionello/secp256k1-js (npm) Sep 25, 2022

By spoofing the target resolver with responses that have a malformed EdDSA signature, an attacker...
High, Unreviewed. CVE-2022-38178 was published Sep 22, 2022

By spoofing the target resolver with responses that have a malformed ECDSA signature, an attacker...
High, Unreviewed. CVE-2022-38177 was published Sep 22, 2022

Cosign bundle can be crafted to successfully verify a blob even if the embedded rekorBundle does not reference the given signature
Moderate. CVE-2022-36056 was published for github.com/sigstore/cosign (Go) Sep 16, 2022

Dendrite signature checks not applied to some retrieved missing events
High. CVE-2022-39200 was published for github.com/matrix-org/dendrite (Go) Sep 15, 2022

Possible authentication bypass due to improper order of signature verification and hashing in the...
Moderate, Unreviewed. CVE-2021-35097 was published Sep 3, 2022

Possible authentication bypass due to improper order of signature verification and hashing in the...
Moderate, Unreviewed. CVE-2021-35113 was published Sep 3, 2022

Foxit PDF Reader before 11.1 and PDF Editor before 11.1, and PhantomPDF before 10.1.6, mishandle...
Moderate, Unreviewed. CVE-2021-40326 was published Aug 29, 2022