GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
356 advisories
cosign's `cosign verify-attestation --type` can report a false positive if any attestation exists
High. CVE-2022-35929 was published for github.com/sigstore/cosign (Go) on Aug 10, 2022.

PolicyController before 0.2.1 may bypass attestation verification
High. CVE-2022-35930 was published for github.com/sigstore/policy-controller (Go) on Aug 10, 2022.

The Omron SYSMAC Cx product family PLCs (CS series, CJ series, and CP series) through 2022-05-18...
Critical, Unreviewed. CVE-2022-31207 was published on Jul 27, 2022.

The Omron SYSMAC Nx product family PLCs (NJ series, NY series, NX series, and PMAC series)...
Critical, Unreviewed. CVE-2022-31206 was published on Jul 27, 2022.

OpenZeppelin Contracts's SignatureChecker may revert on invalid EIP-1271 signers
High. CVE-2022-31172 was published for @openzeppelin/contracts (npm) on Jul 21, 2022.

JWS and JWT signature validation vulnerability with special characters
High. CVE-2022-25898 was published for jsrsasign (npm) on Jun 25, 2022.

The tested version of Dominion Voting Systems ImageCast X does not validate application...
High, Unreviewed. CVE-2022-1739 was published on Jun 25, 2022.

Signature forgery in Biscuit
Critical. CVE-2022-31053 was published for biscuit-auth (Go) on Jun 17, 2022.

This issue was addressed by verifying host keys when connecting to a previously-known SSH server....
Moderate, Unreviewed. CVE-2019-8901 was published on May 24, 2022.

Improper Verification of Cryptographic Signature in matrix-synapse
High. CVE-2019-18835 was published for matrix-synapse (pip) on May 24, 2022.

Improper verification of cryptographic signature in the installer for some Intel(R) Wireless...
Moderate, Unreviewed. CVE-2021-0152 was published on May 24, 2022.

The Zoom Client for Meetings for Windows installer before version 5.5.4 does not properly verify...
High, Unreviewed. CVE-2021-34420 was published on May 24, 2022.

ecdsa-elixir fails to check signatures, vulnerable to message forging
Critical. CVE-2021-43568 was published for ecdsa-elixir (Erlang) on May 24, 2022.

Lack of email address ownership verification in the CODEOWNERS feature in all versions of GitLab...
Moderate, Unreviewed. CVE-2021-39909 was published on May 24, 2022.

There is a signature management vulnerability in some Huawei products. An attacker can forge...
High, Unreviewed. CVE-2021-37127 was published on May 24, 2022.

It is possible for an attacker to manipulate the timestamp of signed documents. All versions of...
Moderate, Unreviewed. CVE-2021-41831 was published on May 24, 2022.

It is possible for an attacker to manipulate signed documents and macros to appear to come from a...
High, Unreviewed. CVE-2021-41830 was published on May 24, 2022.

It is possible for an attacker to manipulate documents to appear to be signed by a trusted source...
High, Unreviewed. CVE-2021-41832 was published on May 24, 2022.

There is a privilege escalation vulnerability in organization-specific logins in Esri Portal for...
High, Unreviewed. CVE-2021-29108 was published on May 24, 2022.

Improper access control vulnerability in the repair process for McAfee Agent for Windows prior to...
High, Unreviewed. CVE-2021-31847 was published on May 24, 2022.

A DLL sideloading vulnerability in McAfee Agent for Windows prior to 5.7.4 could allow a local...
High, Unreviewed. CVE-2021-31841 was published on May 24, 2022.

Multiple vulnerabilities in image verification checks of Cisco Network Convergence System (NCS)...
Moderate, Unreviewed. CVE-2021-34709 was published on May 24, 2022.

Multiple vulnerabilities in image verification checks of Cisco Network Convergence System (NCS)...
High, Unreviewed. CVE-2021-34708 was published on May 24, 2022.

An issue in code signature validation was addressed with improved checks. This issue is fixed in...
High, Unreviewed. CVE-2021-1849 was published on May 24, 2022.

An improper verification of cryptographic signature vulnerability exists in Cortex XSOAR SAML...
High, Unreviewed. CVE-2021-3051 was published on May 24, 2022.
ProTip! Advisories are also available from the GraphQL API.