GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,793
Erlang
29
GitHub Actions
16
Go
1,710
Maven
4,947
npm
3,475
NuGet
605
pip
3,001
Pub
10
RubyGems
828
Rust
773
Swift
34
Unreviewed advisories
All unreviewed
5,000+
355 advisories
Filter by severity
go-saml's XML Digital Signatures use SHA-1
Moderate
CVE-2020-36563
was published
for
github.com/RobotsAndPencils/go-saml
(Go)
Dec 28, 2022
go-resolver's DNSSEC validation not performed correctly
High
CVE-2022-3347
was published
for
github.com/peterzen/goresolver
(Go)
Dec 28, 2022
jsonwebtoken vulnerable to signature validation bypass due to insecure default algorithm in jwt.verify()
Moderate
CVE-2022-23540
was published
for
jsonwebtoken
(npm)
Dec 22, 2022
An unprotected memory-access operation in optee_os in TrustedFirmware Open Portable Trusted...
Moderate
Unreviewed
CVE-2022-47549
was published
Dec 19, 2022
Tendermint light client verification not taking into account chain ID
Moderate
CVE-2022-23507
was published
for
tendermint-light-client
(Rust)
Dec 14, 2022
A CWE-347: Improper Verification of Cryptographic Signature vulnerability exists in the...
High
Unreviewed
CVE-2022-41669
was published
Nov 4, 2022
A CWE-347: Improper Verification of Cryptographic Signature vulnerability exists that allows...
High
Unreviewed
CVE-2022-41666
was published
Nov 4, 2022
acryl-datahub missing JWT signature check
Critical
CVE-2022-39366
was published
for
acryl-datahub
(pip)
Oct 31, 2022
Signature bypass via multiple root elements
High
CVE-2022-39300
was published
for
node-saml
(npm)
Oct 12, 2022
Signature bypass via multiple root elements
High
CVE-2022-39299
was published
for
@node-saml/node-saml
(npm)
Oct 12, 2022
A vulnerability in the software image verification functionality of Cisco IOS XE Software for...
Moderate
Unreviewed
CVE-2022-20944
was published
Oct 11, 2022
An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x...
Moderate
Unreviewed
CVE-2022-42010
was published
Oct 10, 2022
SIF's Digital Signature Hash Algorithms Not Validated
Moderate
CVE-2022-39237
was published
for
github.com/sylabs/sif/v2
(Go)
Oct 6, 2022
secp256k1-js implements ECDSA without required r and s validation, leading to signature forgery
High
CVE-2022-41340
was published
for
@lionello/secp256k1-js
(npm)
Sep 25, 2022
By spoofing the target resolver with responses that have a malformed ECDSA signature, an attacker...
High
Unreviewed
CVE-2022-38177
was published
Sep 22, 2022
By spoofing the target resolver with responses that have a malformed EdDSA signature, an attacker...
High
Unreviewed
CVE-2022-38178
was published
Sep 22, 2022
Cosign bundle can be crafted to successfully verify a blob even if the embedded rekorBundle does not reference the given signature
Moderate
CVE-2022-36056
was published
for
github.com/sigstore/cosign
(Go)
Sep 16, 2022
Dendrite signature checks not applied to some retrieved missing events
High
CVE-2022-39200
was published
for
github.com/matrix-org/dendrite
(Go)
Sep 15, 2022
Possible authentication bypass due to improper order of signature verification and hashing in the...
Moderate
Unreviewed
CVE-2021-35097
was published
Sep 3, 2022
Possible authentication bypass due to improper order of signature verification and hashing in the...
Moderate
Unreviewed
CVE-2021-35113
was published
Sep 3, 2022
Foxit PDF Reader before 11.1 and PDF Editor before 11.1, and PhantomPDF before 10.1.6, mishandle...
Moderate
Unreviewed
CVE-2021-40326
was published
Aug 29, 2022
There is a flaw in RPM's signature functionality. OpenPGP subkeys are associated with a primary...
Moderate
Unreviewed
CVE-2021-3521
was published
Aug 23, 2022
Emerson Electric's Proficy Machine Edition Version 9.00 and prior is vulenrable to CWE-347...
Moderate
Unreviewed
CVE-2022-2790
was published
Aug 20, 2022
The Zoom Client for Meetings for MacOS (Standard and for IT Admin) before version 5.11.3 contains...
High
Unreviewed
CVE-2022-28751
was published
Aug 18, 2022
cosign's `cosign verify-attestaton --type` can report a false positive if any attestation exists
High
CVE-2022-35929
was published
for
github.com/sigstore/cosign
(Go)
Aug 10, 2022
ProTip!
Advisories are also available from the
GraphQL API