Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,782
Erlang
36
GitHub Actions
29
Go
2,347
Maven
5,000+
npm
3,976
NuGet
720
pip
3,774
Pub
12
RubyGems
923
Rust
981
Swift
38
Unreviewed advisories
All unreviewed
5,000+

171 advisories

Loading
@node-saml/node-saml's validatePostRequestAsync does not include checkTimestampsValidityError Moderate
CVE-2023-40178 was published for @node-saml/node-saml (npm) Aug 21, 2023
jindazhao01
A vulnerability was found in Samba's SMB2 packet signing mechanism. The SMB2 packet signing is... Moderate Unreviewed
CVE-2023-3347 was published Jul 20, 2023
Incorrect signature verification of the firmware during the Device Firmware Update process of... Moderate Unreviewed
CVE-2023-33768 was published Jul 13, 2023
An issue has been discovered in GitLab affecting all versions starting from 10.0 before 12.9.8,... Moderate Unreviewed
CVE-2023-1204 was published May 3, 2023
NATS TLS certificate common name validation bypass Moderate
GHSA-wvc4-j7g5-4f79 was published for nats (Rust) Mar 27, 2023
An issue was discovered in Veritas NetBackup IT Analytics 11 before 11.2.0. The application... Moderate Unreviewed
CVE-2023-28818 was published Mar 24, 2023
russh may use insecure Diffie-Hellman keys Moderate
CVE-2023-28113 was published for russh (Rust) Mar 17, 2023
Holzhaus lambdafu
An improper verification of cryptographic signature vulnerability [CWE-347] in FortiWeb 6.4 all... Moderate Unreviewed
CVE-2021-43074 was published Feb 16, 2023
OpenZeppelin Contracts contains Improper Verification of Cryptographic Signature Moderate
CVE-2023-23940 was published for openzeppelin-cairo-contracts (pip) Feb 2, 2023
Cargo did not verify SSH host keys Moderate
CVE-2022-46176 was published for cargo (Rust) Jan 10, 2023
go-saml's XML Digital Signatures use SHA-1 Moderate
CVE-2020-36563 was published for github.com/RobotsAndPencils/go-saml (Go) Dec 28, 2022
jsonwebtoken vulnerable to signature validation bypass due to insecure default algorithm in jwt.verify() Moderate
CVE-2022-23540 was published for jsonwebtoken (npm) Dec 22, 2022
An unprotected memory-access operation in optee_os in TrustedFirmware Open Portable Trusted... Moderate Unreviewed
CVE-2022-47549 was published Dec 19, 2022
Tendermint light client verification not taking into account chain ID Moderate
CVE-2022-23507 was published for tendermint-light-client (Rust) Dec 14, 2022
hu55a1n1 mzabaluev
plafer
An issue in code signature validation was addressed with improved checks. This issue is fixed in... Moderate Unreviewed
CVE-2022-42793 was published Nov 2, 2022
A vulnerability in the software image verification functionality of Cisco IOS XE Software for... Moderate Unreviewed
CVE-2022-20944 was published Oct 11, 2022
An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x... Moderate Unreviewed
CVE-2022-42010 was published Oct 10, 2022
SIF's Digital Signature Hash Algorithms Not Validated Moderate
CVE-2022-39237 was published for github.com/sylabs/sif/v2 (Go) Oct 6, 2022
tri-adam
Cosign bundle can be crafted to successfully verify a blob even if the embedded rekorBundle does not reference the given signature Moderate
CVE-2022-36056 was published for github.com/sigstore/cosign (Go) Sep 16, 2022
codysoyland asraa
haydentherapper
Possible authentication bypass due to improper order of signature verification and hashing in the... Moderate Unreviewed
CVE-2021-35097 was published Sep 3, 2022
Possible authentication bypass due to improper order of signature verification and hashing in the... Moderate Unreviewed
CVE-2021-35113 was published Sep 3, 2022
Foxit PDF Reader before 11.1 and PDF Editor before 11.1, and PhantomPDF before 10.1.6, mishandle... Moderate Unreviewed
CVE-2021-40326 was published Aug 29, 2022
There is a flaw in RPM's signature functionality. OpenPGP subkeys are associated with a primary... Moderate Unreviewed
CVE-2021-3521 was published Aug 23, 2022
Emerson Electric's Proficy Machine Edition Version 9.00 and prior is vulenrable to CWE-347... Moderate Unreviewed
CVE-2022-2790 was published Aug 20, 2022
This issue was addressed by verifying host keys when connecting to a previously-known SSH server.... Moderate Unreviewed
CVE-2019-8901 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database