Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,943
Erlang
29
GitHub Actions
16
Go
1,727
Maven
4,953
npm
3,485
NuGet
605
pip
3,052
Pub
10
RubyGems
832
Rust
778
Swift
34
Unreviewed advisories
All unreviewed
5,000+

356 advisories

Motorola MBTS Site Controller fails to check firmware update authenticity. The Motorola MBTS Site... High Unreviewed
CVE-2023-23772 was published Aug 29, 2023
Improper verification of applications' cryptographic signatures in the /e/OS app store client App... Moderate Unreviewed
CVE-2021-43171 was published Aug 22, 2023
@node-saml/node-saml's validatePostRequestAsync does not include checkTimestampsValidityError Moderate
CVE-2023-40178 was published for @node-saml/node-saml (npm) Aug 21, 2023
jindazhao01
Vulnerability of insecure signatures in the OsuLogin module. Successful exploitation of this... High Unreviewed
CVE-2023-39392 was published Aug 13, 2023
Vulnerability of insecure signatures in the ServiceWifiResources module. Successful exploitation... High Unreviewed
CVE-2023-39393 was published Aug 13, 2023
The BIG-IP Edge Client Installer on macOS does not follow best practices for elevating... High Unreviewed
CVE-2023-38418 was published Aug 2, 2023
Incorrect signature verification of the firmware during the Device Firmware Update process of... Moderate Unreviewed
CVE-2023-33768 was published Jul 13, 2023
Dell PowerStore versions prior to 3.5 contain an improper verification of cryptographic... High Unreviewed
CVE-2023-32449 was published Jun 22, 2023
Zoom for Windows clients prior to 5.13.5 contain an improper verification of cryptographic... High Unreviewed
CVE-2023-28602 was published Jun 13, 2023
notation-go's verification bypass can cause users to verify the wrong artifact High
CVE-2023-33959 was published for github.com/notaryproject/notation-go (Go) Jun 6, 2023
AdamKorcz shizhMSFT
priteshbandi
Signature validation bypass in github.com/moov-io/signedxml Critical
CVE-2023-34205 was published for github.com/moov-io/signedxml (Go) May 30, 2023
Incorrect signature verification in django-ses Moderate
CVE-2023-33185 was published for django-ses (pip) May 22, 2023
josephsurin
Local privilege escalation due to unrestricted loading of unsigned libraries. The following... High Unreviewed
CVE-2022-4418 was published May 18, 2023
DELL ECS prior to 3.8.0.2 contains an improper verification of cryptographic signature... High Unreviewed
CVE-2023-25934 was published May 4, 2023
NATS TLS certificate common name validation bypass Moderate
GHSA-wvc4-j7g5-4f79 was published for nats (Rust) Mar 27, 2023
An issue was discovered in Veritas NetBackup IT Analytics 11 before 11.2.0. The application... Moderate Unreviewed
CVE-2023-28818 was published Mar 24, 2023
russh may use insecure Diffie-Hellman keys Moderate
CVE-2023-28113 was published for russh (Rust) Mar 17, 2023
Holzhaus lambdafu
In the Android operating system, there is a possible way to replace a boot partition due to... High Unreviewed
CVE-2023-20940 was published Feb 28, 2023
An improper verification of cryptographic signature vulnerability [CWE-347] in FortiWeb 6.4 all... Moderate Unreviewed
CVE-2021-43074 was published Feb 16, 2023
The cryptographic code signing process and controls on ConnectWise Control through 22.9.10032 ... Critical Unreviewed
CVE-2023-25718 was published Feb 13, 2023
Western Digital My Cloud devices before OS5 do not use cryptographically signed Firmware upgrade... Critical Unreviewed
CVE-2021-36226 was published Feb 6, 2023
OpenZeppelin Contracts contains Improper Verification of Cryptographic Signature Moderate
CVE-2023-23940 was published for openzeppelin-cairo-contracts (pip) Feb 2, 2023
Dell Command | Update, Dell Update, and Alienware Update versions prior to 4.7 contain a improper... High Unreviewed
CVE-2022-34459 was published Feb 1, 2023
The Robot application in Ip-label Newtest before v8.5R0 was discovered to use weak signature... Critical Unreviewed
CVE-2022-23334 was published Jan 30, 2023
CRYSTALS-DILITHIUM (in Post-Quantum Cryptography Selected Algorithms 2022) in PQClean d03da30 may... High Unreviewed
CVE-2023-24025 was published Jan 20, 2023
ProTip! Advisories are also available from the GraphQL API