GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
20
Go
1,998
Maven
5,000+
npm
3,710
NuGet
661
pip
3,364
Pub
11
RubyGems
885
Rust
846
Swift
36
Unreviewed advisories
All unreviewed
5,000+
412 advisories
Filter by severity
Incorrect threshold signature computation in TUF
Critical
CVE-2020-6174
was published
for
tuf
(pip)
Aug 21, 2020
A vulnerability in the Image Signature Verification feature of Cisco SD-WAN Software could...
Moderate
Unreviewed
CVE-2021-1461
was published
Nov 18, 2024
Keycloak vulnerable to impersonation via logout token exchange
Low
CVE-2023-0657
was published
for
org.keycloak:keycloak-services
(Maven)
Apr 17, 2024
Keycloak SAML signature validation flaw
Moderate
CVE-2024-8698
was published
for
org.keycloak:keycloak-saml-core
(Maven)
Sep 19, 2024
Signature forgery in Spring Boot's Loader
High
CVE-2024-38807
was published
for
org.springframework.boot:spring-boot-loader
(Maven)
Aug 23, 2024
Grafana Plugin signature bypass
High
CVE-2022-31123
was published
for
github.com/grafana/grafana
(Go)
May 14, 2024
Incorrect signature verification in django-ses
Low
CVE-2023-33185
was published
for
django-ses
(pip)
May 22, 2023
Improper Verification of Cryptographic Signature in ansible
Moderate
CVE-2020-14365
was published
for
ansible
(pip)
Apr 20, 2021
An improper verification of cryptographic signature vulnerability was identified in GitHub...
Critical
Unreviewed
CVE-2024-9487
was published
Oct 11, 2024
The WinVerifyTrust function in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows...
High
Unreviewed
CVE-2013-3900
was published
May 3, 2022
Bad documentation of error handling in ParseWithClaims can lead to potentially dangerous situations
Low
CVE-2024-51744
was published
for
github.com/golang-jwt/jwt/v4
(Go)
Nov 4, 2024
An improper verification of cryptographic signature vulnerability [CWE-347] in FortiClient MacOS...
High
Unreviewed
CVE-2024-40592
was published
Nov 12, 2024
In neomutt and mutt, the To and Cc email headers are not validated by cryptographic signing which...
High
Unreviewed
CVE-2024-49393
was published
Nov 12, 2024
In mutt and neomutt the In-Reply-To email header field is not protected by cryptographic signing...
Moderate
Unreviewed
CVE-2024-49394
was published
Nov 12, 2024
Valid ECDSA signatures erroneously rejected in Elliptic
Low
CVE-2024-48948
was published
for
elliptic
(npm)
Oct 15, 2024
Permission control vulnerability in the hidebug module
Impact: Successful exploitation of this...
High
Unreviewed
CVE-2024-51526
was published
Nov 5, 2024
Laravel Reverb Missing API Signature Verification
High
CVE-2024-50347
was published
for
laravel/reverb
(Composer)
Oct 31, 2024
ABB is aware of privately reported vulnerabilities in the product versions referenced in this CVE...
Moderate
Unreviewed
CVE-2024-8036
was published
Oct 25, 2024
An issue was discovered in litestream v0.3.13. The usage of the ssh.InsecureIgnoreHostKey()...
Moderate
Unreviewed
CVE-2024-41254
was published
Jul 31, 2024
SaltStack Improper Verification of Cryptographic Signature
High
CVE-2022-22934
was published
for
salt
(pip)
Mar 30, 2022
Improper Verification of Cryptographic Signature in starkbank-ecdsa
Critical
CVE-2021-43572
was published
for
starkbank-ecdsa
(pip)
Nov 10, 2021
Improper Verification of Cryptographic Signature in PySAML2
High
CVE-2020-5390
was published
for
pysaml2
(pip)
May 6, 2020
Python RSA allows attackers to spoof signatures
Moderate
CVE-2016-1494
was published
for
rsa
(pip)
May 14, 2022
Improper Verification of Cryptographic Signature vulnerability in Zscaler Client Connector on...
High
Unreviewed
CVE-2023-28796
was published
Oct 23, 2023
svix vulnerable to Authentication Bypass
Moderate
CVE-2024-21491
was published
for
svix
(Rust)
Feb 13, 2024
ProTip!
Advisories are also available from the
GraphQL API