GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,626
Erlang
29
GitHub Actions
16
Go
1,698
Maven
4,936
npm
3,466
NuGet
601
pip
2,975
Pub
10
RubyGems
826
Rust
767
Swift
34
Unreviewed advisories
All unreviewed
5,000+
353 advisories
Filter by severity
Grafana Plugin signature bypass
Moderate
CVE-2022-31123
was published
for
github.com/grafana/grafana
(Go)
May 14, 2024
TYPO3 vulnerable to an Uncontrolled Resource Consumption in the ShowImageController
Moderate
CVE-2024-34358
was published
for
typo3/cms-core
(Composer)
May 14, 2024
Parallels Desktop Updater Improper Verification of Cryptographic Signature Local Privilege...
High
Unreviewed
CVE-2023-50228
was published
May 3, 2024
A fallback mechanism in code sign checking on macOS may allow arbitrary code execution. This...
High
Unreviewed
CVE-2024-23480
was published
May 1, 2024
xml-crypto vulnerable to XML signature verification bypass due improper verification of signature/signature spoofing
Critical
CVE-2024-32962
was published
for
xml-crypto
(npm)
May 1, 2024
Keycloak vulnerable to impersonation via logout token exchange
Low
CVE-2023-0657
was published
for
org.keycloak:keycloak-services
(Maven)
Apr 17, 2024
Secure Boot Security Feature Bypass Vulnerability
High
Unreviewed
CVE-2024-26194
was published
Apr 9, 2024
google-oauth-java-client improperly verifies cryptographic signature
High
CVE-2021-22573
was published
for
com.google.oauth-client:google-oauth-client
(Maven)
Apr 9, 2024
A flaw was found in osbuild-composer. A condition can be triggered that disables GPG verification...
Moderate
Unreviewed
CVE-2024-2307
was published
Mar 19, 2024
Improper Verification of Cryptographic Signature vulnerability in Snow Software Inventory Agent...
High
Unreviewed
CVE-2024-1150
was published
Feb 8, 2024
Improper Verification of Cryptographic Signature vulnerability in Snow Software Inventory Agent...
High
Unreviewed
CVE-2024-1149
was published
Feb 8, 2024
A vulnerability exists in Rockwell Automation FactoryTalk® Service Platform that allows a...
Critical
Unreviewed
CVE-2024-21917
was published
Jan 31, 2024
Improper Verification of Cryptographic Signature in aws-encryption-sdk-java
Moderate
CVE-2024-23680
was published
for
com.amazonaws:aws-encryption-sdk-java
(Maven)
Jan 19, 2024
Studio Network Solutions ShareBrowser before 7.0 on macOS mishandles signature verification, aka...
Critical
Unreviewed
CVE-2023-44077
was published
Jan 17, 2024
A vulnerability was found in GnuTLS, where a cockpit (which uses gnuTLS) rejects a certificate...
Moderate
Unreviewed
CVE-2024-0567
was published
Jan 16, 2024
In Gentoo Portage before 3.0.47, there is missing PGP validation of executed code: the standalone...
Critical
Unreviewed
CVE-2016-20021
was published
Jan 12, 2024
Hyperledger Aries Cloud Agent Python result of presentation verification not checked for LDP-VC
Critical
CVE-2024-21669
was published
for
aries-cloudagent
(pip)
Jan 9, 2024
An Improper Verification of Cryptographic Signature vulnerability in the update process of...
Critical
Unreviewed
CVE-2023-5347
was published
Jan 9, 2024
A vulnerability exists in the Relion update package signature validation. A tampered update...
Moderate
Unreviewed
CVE-2022-3864
was published
Jan 4, 2024
Some Honor products are affected by signature management vulnerability, successful exploitation...
High
Unreviewed
CVE-2023-23436
was published
Dec 29, 2023
Some Honor products are affected by signature management vulnerability, successful exploitation...
High
Unreviewed
CVE-2023-23431
was published
Dec 29, 2023
Some Honor products are affected by signature management vulnerability, successful exploitation...
Moderate
Unreviewed
CVE-2023-23433
was published
Dec 29, 2023
Some Honor products are affected by signature management vulnerability, successful exploitation...
Moderate
Unreviewed
CVE-2023-23435
was published
Dec 29, 2023
Some Honor products are affected by signature management vulnerability, successful exploitation...
High
Unreviewed
CVE-2023-23432
was published
Dec 29, 2023
yiisoft/yii2-authclient's Oauth2 PKCE implementation is vulnerable
Moderate
CVE-2023-50714
was published
for
yiisoft/yii2-authclient
(Composer)
Dec 18, 2023
ProTip!
Advisories are also available from the
GraphQL API