Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
20
Go
2,000
Maven
5,000+
npm
3,711
NuGet
661
pip
3,383
Pub
11
RubyGems
885
Rust
849
Swift
36
Unreviewed advisories
All unreviewed
5,000+

189 advisories

Loading
Samlify vulnerable to Authentication Bypass by allowing tokens to be reused with different usernames High
CVE-2017-1000452 was published for samlify (npm) Jan 4, 2018
eoftedal
In Bouncy Castle JCE Provider it is possible to inject extra elements in the sequence making up the signature and still have it validate High
CVE-2016-1000338 was published for org.bouncycastle:bcprov-jdk14 (Maven) Oct 17, 2018
AndrzejBiernacki2010 SunBK201
In Bouncy Castle JCE Provider ECDSA does not fully validate ASN.1 encoding of signature on verification High
CVE-2016-1000342 was published for org.bouncycastle:bcprov-jdk14 (Maven) Oct 17, 2018
Signature Verification Bypass in jwt-simple High
GHSA-8v5f-hp78-jgxq was published for jwt-simple (npm) Jun 6, 2019
Improper Key Verification in openpgp High
CVE-2019-9154 was published for openpgp (npm) Aug 23, 2019
Message Signature Bypass in openpgp High
CVE-2019-9153 was published for openpgp (npm) Aug 23, 2019
Signature validation bypass in XmlSecLibs High
CVE-2019-3465 was published for robrichards/xmlseclibs (Composer) Nov 8, 2019
Improper Verification of Cryptographic Signature in PySAML2 High
CVE-2020-5390 was published for pysaml2 (pip) May 6, 2020
Signature wrapping vulnerability in Spring Security High
CVE-2020-5407 was published for org.springframework.security:spring-security-core (Maven) Jun 5, 2020
ECDSA signature validation vulnerability by accepting wrong ASN.1 encoding in jsrsasign High
CVE-2020-14966 was published for jsrsasign (npm) Jun 26, 2020
Regression in JWT Signature Validation High
CVE-2020-15240 was published for omniauth-auth0 (RubyGems) Nov 3, 2020
Multiple cryptographic issues in Python oic High
CVE-2020-26244 was published for oic (pip) Dec 4, 2020
F3r0C17Y mladevbb
CheariX
Improper Certificate Validation in phpseclib High
CVE-2021-30130 was published for phpseclib/phpseclib (Composer) Apr 7, 2021
Improper Verification of Cryptographic Signature in golang.org/x/crypto High
CVE-2020-9283 was published for golang.org/x/crypto (Go) May 18, 2021
Failure to properly verify ed25519 signatures in libp2p-core High
CVE-2019-15545 was published for libp2p-core (Rust) Aug 25, 2021
Improper verification of signature threshold in tough High
CVE-2020-15093 was published for tough (Rust) Aug 25, 2021
coreos-installer improperly verifies GPG signature when decompressing gzipped artifact High
CVE-2021-20319 was published for coreos-installer (Rust) Oct 12, 2021
raballew bgilbert
Improper Verification of Cryptographic Signature in fastecdsa High
CVE-2020-12607 was published for fastecdsa (pip) Oct 12, 2021
Signature verification vulnerability in Stark Bank ecdsa libraries High
GHSA-9wx7-jrvc-28mm was published for com.starkbank:ecdsa-java (Maven) Nov 8, 2021
tdunlap607
CPAN 2.28 allows Signature Verification Bypass. High Unreviewed
CVE-2020-16156 was published Dec 14, 2021
Execution Control List (ECL) Is Insecure in Singularity High
CVE-2020-13845 was published for github.com/sylabs/singularity (Go) Dec 20, 2021
tri-adam
Pac4j token validation bypass if OpenID Connect provider supports none algorithm High
CVE-2021-44878 was published for org.pac4j:pac4j-oidc (Maven) Jan 8, 2022
sharonbz
A firmware update vulnerability exists in the "update" firmware checks functionality of... High Unreviewed
CVE-2022-21134 was published Jan 29, 2022
The App::cpanminus package 1.7044 for Perl allows Signature Verification Bypass. High Unreviewed
CVE-2020-16154 was published Feb 10, 2022
Local privilege escalation due to unrestricted loading of unsigned libraries. The following... High Unreviewed
CVE-2022-24115 was published Feb 11, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database