Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

415 advisories

Loading
Cleartext Signed Message Signature Spoofing in openpgp Moderate
CVE-2023-41037 was published for openpgp (npm) Aug 29, 2023
@node-saml/node-saml's validatePostRequestAsync does not include checkTimestampsValidityError Moderate
CVE-2023-40178 was published for @node-saml/node-saml (npm) Aug 21, 2023
jindazhao01
notation-go's verification bypass can cause users to verify the wrong artifact High
CVE-2023-33959 was published for github.com/notaryproject/notation-go (Go) Jun 6, 2023
AdamKorcz shizhMSFT
priteshbandi
Signature validation bypass in github.com/moov-io/signedxml Critical
CVE-2023-34205 was published for github.com/moov-io/signedxml (Go) May 30, 2023
Incorrect signature verification in django-ses Low
CVE-2023-33185 was published for django-ses (pip) May 22, 2023
josephsurin
NATS TLS certificate common name validation bypass Moderate
GHSA-wvc4-j7g5-4f79 was published for nats (Rust) Mar 27, 2023
russh may use insecure Diffie-Hellman keys Moderate
CVE-2023-28113 was published for russh (Rust) Mar 17, 2023
Holzhaus lambdafu
ProTip! Advisories are also available from the GraphQL API