GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
20
Go
2,000
Maven
5,000+
npm
3,711
NuGet
661
pip
3,383
Pub
11
RubyGems
885
Rust
849
Swift
36
Unreviewed advisories
All unreviewed
5,000+
189 advisories
Filter by severity
A vulnerability has been identified in SIMATIC S7-400 (incl. F) V6 and below (All versions),...
High
Unreviewed
CVE-2018-16557
was published
May 13, 2022
Duo Network Gateway 1.2.9 and earlier may incorrectly utilize the results of XML DOM traversal...
High
Unreviewed
CVE-2018-7340
was published
May 13, 2022
Wizkunde SAMLBase SAML Bypass
High
CVE-2018-5387
was published
for
gogentooss/samlbase
(Composer)
May 13, 2022
An exploitable vulnerability exists in the verified boot protection of the Das U-Boot from...
High
Unreviewed
CVE-2018-3968
was published
May 13, 2022
Duplicate Advisory: Improper Verification of Cryptographic Signature in google-oauth-java-client
High
GHSA-xh97-72ww-2w58
was published
for
com.google.oauth-client:google-oauth-client
(Maven)
May 4, 2022
•
withdrawn
The WinVerifyTrust function in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows...
High
Unreviewed
CVE-2013-3900
was published
May 3, 2022
An improper verification of the cryptographic signature of firmware updates of the B. Braun...
High
Unreviewed
CVE-2020-25166
was published
Apr 15, 2022
On Schneider Electric ConneXium Tofino Firewall TCSEFEA23F3F22 before 03.23, TCSEFEA23F3F20/21,...
High
Unreviewed
CVE-2021-30066
was published
Apr 5, 2022
AVEVA System Platform versions 2017 through 2020 R2 P01 does not verify, or incorrectly verifies,...
High
Unreviewed
CVE-2021-32977
was published
Apr 5, 2022
Yubico ykneo-openpgp before 1.0.10 has a typo in which an invalid PIN can be used. When first...
High
Unreviewed
CVE-2015-3298
was published
Mar 31, 2022
SaltStack Improper Verification of Cryptographic Signature
High
CVE-2022-22934
was published
for
salt
(pip)
Mar 30, 2022
Improper Verification of Cryptographic Signature in node-forge
High
CVE-2022-24772
was published
for
node-forge
(npm)
Mar 18, 2022
Improper Verification of Cryptographic Signature in node-forge
High
CVE-2022-24771
was published
for
node-forge
(npm)
Mar 18, 2022
Failure to validate signature during handshake
High
CVE-2022-24759
was published
for
@chainsafe/libp2p-noise
(npm)
Mar 18, 2022
Local privilege escalation due to unrestricted loading of unsigned libraries. The following...
High
Unreviewed
CVE-2022-24115
was published
Feb 11, 2022
The App::cpanminus package 1.7044 for Perl allows Signature Verification Bypass.
High
Unreviewed
CVE-2020-16154
was published
Feb 10, 2022
A firmware update vulnerability exists in the "update" firmware checks functionality of...
High
Unreviewed
CVE-2022-21134
was published
Jan 29, 2022
Pac4j token validation bypass if OpenID Connect provider supports none algorithm
High
CVE-2021-44878
was published
for
org.pac4j:pac4j-oidc
(Maven)
Jan 8, 2022
Execution Control List (ECL) Is Insecure in Singularity
High
CVE-2020-13845
was published
for
github.com/sylabs/singularity
(Go)
Dec 20, 2021
CPAN 2.28 allows Signature Verification Bypass.
High
Unreviewed
CVE-2020-16156
was published
Dec 14, 2021
Signature verification vulnerability in Stark Bank ecdsa libraries
High
GHSA-9wx7-jrvc-28mm
was published
for
com.starkbank:ecdsa-java
(Maven)
Nov 8, 2021
Improper Verification of Cryptographic Signature in fastecdsa
High
CVE-2020-12607
was published
for
fastecdsa
(pip)
Oct 12, 2021
coreos-installer improperly verifies GPG signature when decompressing gzipped artifact
High
CVE-2021-20319
was published
for
coreos-installer
(Rust)
Oct 12, 2021
Improper verification of signature threshold in tough
High
CVE-2020-15093
was published
for
tough
(Rust)
Aug 25, 2021
Failure to properly verify ed25519 signatures in libp2p-core
High
CVE-2019-15545
was published
for
libp2p-core
(Rust)
Aug 25, 2021
ProTip!
Advisories are also available from the
GraphQL API