Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,944
Erlang
29
GitHub Actions
16
Go
1,729
Maven
4,955
npm
3,489
NuGet
607
pip
3,056
Pub
10
RubyGems
832
Rust
778
Swift
34
Unreviewed advisories
All unreviewed
5,000+

356 advisories

cosign's `cosign verify-attestaton --type` can report a false positive if any attestation exists High
CVE-2022-35929 was published for github.com/sigstore/cosign (Go) Aug 10, 2022
PolicyController before 0.2.1 may bypass attestation verification High
CVE-2022-35930 was published for github.com/sigstore/policy-controller (Go) Aug 10, 2022
mattmoor
The Omron SYSMAC Cx product family PLCs (CS series, CJ series, and CP series) through 2022-05-18... Critical Unreviewed
CVE-2022-31207 was published Jul 27, 2022
The Omron SYSMAC Nx product family PLCs (NJ series, NY series, NX series, and PMAC series)... Critical Unreviewed
CVE-2022-31206 was published Jul 27, 2022
OpenZeppelin Contracts's SignatureChecker may revert on invalid EIP-1271 signers High
CVE-2022-31172 was published for @openzeppelin/contracts (npm) Jul 21, 2022
JWS and JWT signature validation vulnerability with special characters High
CVE-2022-25898 was published for jsrsasign (npm) Jun 25, 2022
The tested version of Dominion Voting Systems ImageCast X does not validate application... High Unreviewed
CVE-2022-1739 was published Jun 25, 2022
Signature forgery in Biscuit Critical
CVE-2022-31053 was published for biscuit-auth (Go) Jun 17, 2022
avivdolev Churro
This issue was addressed by verifying host keys when connecting to a previously-known SSH server.... Moderate Unreviewed
CVE-2019-8901 was published May 24, 2022
Improper Verification of Cryptographic Signature in matrix-synapse High
CVE-2019-18835 was published for matrix-synapse (pip) May 24, 2022
westonsteimel
Improper verification of cryptographic signature in the installer for some Intel(R) Wireless... Moderate Unreviewed
CVE-2021-0152 was published May 24, 2022
The Zoom Client for Meetings for Windows installer before version 5.5.4 does not properly verify... High Unreviewed
CVE-2021-34420 was published May 24, 2022
ecdsa-elixir fails to check signatures, vulnerable to message forging Critical
CVE-2021-43568 was published for ecdsa-elixir (Erlang) May 24, 2022
westonsteimel
Lack of email address ownership verification in the CODEOWNERS feature in all versions of GitLab... Moderate Unreviewed
CVE-2021-39909 was published May 24, 2022
There is a signature management vulnerability in some huawei products. An attacker can forge... High Unreviewed
CVE-2021-37127 was published May 24, 2022
It is possible for an attacker to manipulate the timestamp of signed documents. All versions of... Moderate Unreviewed
CVE-2021-41831 was published May 24, 2022
It is possible for an attacker to manipulate signed documents and macros to appear to come from a... High Unreviewed
CVE-2021-41830 was published May 24, 2022
It is possible for an attacker to manipulate documents to appear to be signed by a trusted source... High Unreviewed
CVE-2021-41832 was published May 24, 2022
There is an privilege escalation vulnerability in organization-specific logins in Esri Portal for... High Unreviewed
CVE-2021-29108 was published May 24, 2022
Improper access control vulnerability in the repair process for McAfee Agent for Windows prior to... High Unreviewed
CVE-2021-31847 was published May 24, 2022
A DLL sideloading vulnerability in McAfee Agent for Windows prior to 5.7.4 could allow a local... High Unreviewed
CVE-2021-31841 was published May 24, 2022
Multiple vulnerabilities in image verification checks of Cisco Network Convergence System (NCS)... Moderate Unreviewed
CVE-2021-34709 was published May 24, 2022
Multiple vulnerabilities in image verification checks of Cisco Network Convergence System (NCS)... High Unreviewed
CVE-2021-34708 was published May 24, 2022
An issue in code signature validation was addressed with improved checks. This issue is fixed in... High Unreviewed
CVE-2021-1849 was published May 24, 2022
An improper verification of cryptographic signature vulnerability exists in Cortex XSOAR SAML... High Unreviewed
CVE-2021-3051 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API