Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,239
Erlang
31
GitHub Actions
21
Go
2,007
Maven
5,000+
npm
3,716
NuGet
662
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+

33 advisories

Loading
Signature Verification Bypass in jwt-simple High
GHSA-8v5f-hp78-jgxq was published for jwt-simple (npm) Jun 6, 2019
Message Signature Bypass in openpgp High
CVE-2019-9153 was published for openpgp (npm) Aug 23, 2019
Improper Key Verification in openpgp High
CVE-2019-9154 was published for openpgp (npm) Aug 23, 2019
Signatures are mistakenly recognized to be valid in jsrsasign Moderate
GHSA-h87q-g2wp-47pj was published for jsrsasign (npm) Feb 9, 2022
Improper Verification of Cryptographic Signature Critical
GHSA-7r96-8g3x-g36m was published for tenvoy (npm) Jun 28, 2021
Improper Verification of Cryptographic Signature in aws-encryption-sdk-javascript Moderate
GHSA-h45p-w933-jxh3 was published for @aws-crypto/client-browser (npm) Jun 1, 2021
Failure to validate signature during handshake High
CVE-2022-24759 was published for @chainsafe/libp2p-noise (npm) Mar 18, 2022
Utils.readChallengeTx does not verify the server account signature Moderate
CVE-2021-32738 was published for stellar-sdk (npm) Jul 2, 2021
leighmcculloch
Improper Verification of Cryptographic Signature in `node-forge` Moderate
CVE-2022-24773 was published for node-forge (npm) Mar 18, 2022
Signature bypass via multiple root elements High
CVE-2022-39299 was published for @node-saml/node-saml (npm) Oct 12, 2022
felixwilhelm
JWS and JWT signature validation vulnerability with special characters High
CVE-2022-25898 was published for jsrsasign (npm) Jun 25, 2022
OpenZeppelin Contracts's SignatureChecker may revert on invalid EIP-1271 signers High
CVE-2022-31172 was published for @openzeppelin/contracts (npm) Jul 21, 2022
Signature bypass via multiple root elements High
CVE-2022-39300 was published for node-saml (npm) Oct 12, 2022
felixwilhelm
secp256k1-js implements ECDSA without required r and s validation, leading to signature forgery High
CVE-2022-41340 was published for @lionello/secp256k1-js (npm) Sep 25, 2022
ECDSA signature validation vulnerability by accepting wrong ASN.1 encoding in jsrsasign High
CVE-2020-14966 was published for jsrsasign (npm) Jun 26, 2020
Improper Verification of Cryptographic Signature Critical
CVE-2021-32685 was published for tenvoy (npm) Jun 21, 2021
Improper Verification of Cryptographic Signature in starkbank-ecdsa Critical
CVE-2021-43571 was published for starkbank-ecdsa (npm) Nov 10, 2021
Signature verification vulnerability in Stark Bank ecdsa libraries High
GHSA-9wx7-jrvc-28mm was published for com.starkbank:ecdsa-java (Maven) Nov 8, 2021
tdunlap607
Samlify vulnerable to Authentication Bypass by allowing tokens to be reused with different usernames High
CVE-2017-1000452 was published for samlify (npm) Jan 4, 2018
eoftedal
RSA signature validation vulnerability on maleable encoded message in jsrsasign Critical
CVE-2021-30246 was published for jsrsasign (npm) Apr 16, 2021
Cisco node-jose improper validation of JWT signature High
CVE-2018-0114 was published for node-jose (npm) May 13, 2022
@node-saml/node-saml's validatePostRequestAsync does not include checkTimestampsValidityError Moderate
CVE-2023-40178 was published for @node-saml/node-saml (npm) Aug 21, 2023
jindazhao01
Cleartext Signed Message Signature Spoofing in openpgp Moderate
CVE-2023-41037 was published for openpgp (npm) Aug 29, 2023
Improper Verification of Cryptographic Signature in node-forge High
CVE-2022-24772 was published for node-forge (npm) Mar 18, 2022
Improper Verification of Cryptographic Signature in node-forge High
CVE-2022-24771 was published for node-forge (npm) Mar 18, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database