GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,944
Erlang
29
GitHub Actions
16
Go
1,729
Maven
4,955
npm
3,489
NuGet
607
pip
3,056
Pub
10
RubyGems
832
Rust
778
Swift
34
Unreviewed advisories
All unreviewed
5,000+
134 advisories
Filter by severity
Grafana Plugin signature bypass
Moderate
CVE-2022-31123
was published
for
github.com/grafana/grafana
(Go)
May 14, 2024
TYPO3 vulnerable to an Uncontrolled Resource Consumption in the ShowImageController
Moderate
CVE-2024-34358
was published
for
typo3/cms-core
(Composer)
May 14, 2024
A flaw was found in osbuild-composer. A condition can be triggered that disables GPG verification...
Moderate
Unreviewed
CVE-2024-2307
was published
Mar 19, 2024
Improper Verification of Cryptographic Signature in aws-encryption-sdk-java
Moderate
CVE-2024-23680
was published
for
com.amazonaws:aws-encryption-sdk-java
(Maven)
Jan 19, 2024
A vulnerability was found in GnuTLS, where a cockpit (which uses gnuTLS) rejects a certificate...
Moderate
Unreviewed
CVE-2024-0567
was published
Jan 16, 2024
A vulnerability exists in the Relion update package signature validation. A tampered update...
Moderate
Unreviewed
CVE-2022-3864
was published
Jan 4, 2024
Some Honor products are affected by signature management vulnerability, successful exploitation...
Moderate
Unreviewed
CVE-2023-23433
was published
Dec 29, 2023
Some Honor products are affected by signature management vulnerability, successful exploitation...
Moderate
Unreviewed
CVE-2023-23435
was published
Dec 29, 2023
yiisoft/yii2-authclient's Oauth2 PKCE implementation is vulnerable
Moderate
CVE-2023-50714
was published
for
yiisoft/yii2-authclient
(Composer)
Dec 18, 2023
Improper signature verification of RadeonTM RX Vega M Graphics driver for Windows may allow an...
Moderate
Unreviewed
CVE-2023-20568
was published
Nov 14, 2023
Improper signature verification of RadeonTM RX Vega M Graphics driver for Windows may allow an...
Moderate
Unreviewed
CVE-2023-20567
was published
Nov 14, 2023
Gitsign's Rekor public keys fetched from upstream API instead of local TUF client.
Moderate
CVE-2023-47122
was published
for
github.com/sigstore/gitsign
(Go)
Nov 14, 2023
light-oauth2 missing public key verification
Moderate
CVE-2023-31580
was published
for
com.networknt:light-oauth2
(Maven)
Oct 25, 2023
An Improper Verification of Cryptographic Signature vulnerability in Zscaler Client Connector on...
Moderate
Unreviewed
CVE-2023-28804
was published
Oct 23, 2023
AEADs/aes-gcm: Plaintext exposed in decrypt_in_place_detached even on tag verification failure
Moderate
CVE-2023-42811
was published
for
aes-gcm
(Rust)
Sep 22, 2023
Archive spoofing vulnerability in borgbackup
Moderate
CVE-2023-36811
was published
for
borgbackup
(pip)
Aug 30, 2023
Cleartext Signed Message Signature Spoofing in openpgp
Moderate
CVE-2023-41037
was published
for
openpgp
(npm)
Aug 29, 2023
Improper verification of applications' cryptographic signatures in the /e/OS app store client App...
Moderate
Unreviewed
CVE-2021-43171
was published
Aug 22, 2023
@node-saml/node-saml's validatePostRequestAsync does not include checkTimestampsValidityError
Moderate
CVE-2023-40178
was published
for
@node-saml/node-saml
(npm)
Aug 21, 2023
Incorrect signature verification of the firmware during the Device Firmware Update process of...
Moderate
Unreviewed
CVE-2023-33768
was published
Jul 13, 2023
Incorrect signature verification in django-ses
Moderate
CVE-2023-33185
was published
for
django-ses
(pip)
May 22, 2023
NATS TLS certificate common name validation bypass
Moderate
GHSA-wvc4-j7g5-4f79
was published
for
nats
(Rust)
Mar 27, 2023
An issue was discovered in Veritas NetBackup IT Analytics 11 before 11.2.0. The application...
Moderate
Unreviewed
CVE-2023-28818
was published
Mar 24, 2023
russh may use insecure Diffie-Hellman keys
Moderate
CVE-2023-28113
was published
for
russh
(Rust)
Mar 17, 2023
An improper verification of cryptographic signature vulnerability [CWE-347] in FortiWeb 6.4 all...
Moderate
Unreviewed
CVE-2021-43074
was published
Feb 16, 2023
ProTip!
Advisories are also available from the
GraphQL API