Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,679
Erlang
34
GitHub Actions
26
Go
2,268
Maven
5,000+
npm
3,923
NuGet
705
pip
3,686
Pub
12
RubyGems
916
Rust
944
Swift
38
Unreviewed advisories
All unreviewed
5,000+

169 advisories

Loading
CarlinKit CPC200-CCPA Improper Verification of Cryptographic Signature Code Execution... Moderate Unreviewed
CVE-2025-2763 was published Apr 23, 2025
NSSCryptoSignBackend.cc in Poppler before 25.04.0 does not verify the adbe.pkcs7.sha1 signatures... Moderate Unreviewed
CVE-2025-43903 was published Apr 18, 2025
A vulnerability in the web-based management interface of Cisco Secure Network Analytics could... Moderate Unreviewed
CVE-2025-20178 was published Apr 16, 2025
The OpenSAML C++ library before 3.3.1 allows forging of signed SAML messages via parameter... Moderate Unreviewed
CVE-2025-31335 was published Mar 28, 2025
Ed25519 Signature Malleability in ed25519-java Due to Missing Scalar Range Check Moderate
CVE-2020-36843 was published for net.i2p.crypto:eddsa (Maven) Mar 13, 2025
Malayke
A vulnerability in the boot process of Cisco IOS XR Software could allow an authenticated, local... Moderate Unreviewed
CVE-2025-20143 was published Mar 12, 2025
AEADs/ascon-aead: Plaintext exposed in decrypt_in_place_detached even on tag verification failure Moderate
CVE-2025-27498 was published for ascon_aead (Rust) Mar 3, 2025
thealtofwar
An improper verification of cryptographic signature vulnerability was identified in GitHub... Moderate Unreviewed
CVE-2025-23369 was published Jan 21, 2025
Howyar UEFI Application "Reloader" (32-bit and 64-bit) is vulnerable to execution of unsigned... Moderate Unreviewed
CVE-2024-7344 was published Jan 14, 2025
matrix-sdk-crypto missing facility to signal rotation of a verified cryptographic identity Moderate
CVE-2024-52813 was published for matrix-sdk-crypto (Rust) Jan 7, 2025
sigstore-java has vulnerability with bundle verification Moderate
CVE-2024-53267 was published for dev.sigstore:sigstore-java (Maven) Nov 26, 2024
loosebazooka
The application failed to account for exceptions thrown by the `loadManifestFromFile` method... Moderate Unreviewed
CVE-2024-11696 was published Nov 26, 2024
A vulnerability in the Image Signature Verification feature of Cisco SD-WAN Software could... Moderate Unreviewed
CVE-2021-1461 was published Nov 18, 2024
In mutt and neomutt the In-Reply-To email header field is not protected by cryptographic signing... Moderate Unreviewed
CVE-2024-49394 was published Nov 12, 2024
ABB is aware of privately reported vulnerabilities in the product versions referenced in this CVE... Moderate Unreviewed
CVE-2024-8036 was published Oct 25, 2024
Alpine Halo9 Improper Verification of Cryptographic Signature Vulnerability. This vulnerability... Moderate Unreviewed
CVE-2024-23960 was published Sep 28, 2024
Duplicate Advisory: Keycloak SAML signature validation flaw Moderate
GHSA-4xx7-2cx3-x473 was published for org.keycloak:keycloak-saml-core (Maven) Sep 19, 2024 withdrawn
whatsapp-api-js fails to validate message's signature Moderate
CVE-2024-45607 was published for whatsapp-api-js (npm) Sep 12, 2024
Adyen APIs Library for Python timing attack vulnerability Moderate
GHSA-f3q4-ggfp-jv34 was published for Adyen (pip) Aug 30, 2024
An Improper Validation of signature in Zscaler Client Connector on Windows allows an... Moderate Unreviewed
CVE-2023-28806 was published Aug 6, 2024
The Zscaler Updater process does not validate the digital signature of the installer before... Moderate Unreviewed
CVE-2024-23460 was published Aug 6, 2024
An issue was discovered in litestream v0.3.13. The usage of the ssh.InsecureIgnoreHostKey()... Moderate Unreviewed
CVE-2024-41254 was published Jul 31, 2024
An issue was discovered in filestash v0.4. The usage of the ssh.InsecureIgnoreHostKey() disables... Moderate Unreviewed
CVE-2024-41258 was published Jul 31, 2024
An improper file signature check in Palo Alto Networks Cortex XDR agent may allow an attacker to... Moderate Unreviewed
CVE-2024-5912 was published Jul 10, 2024
Improper verification of signature in FilterProvider prior to SMR Jul-2024 Release 1 allows local... Moderate Unreviewed
CVE-2024-20892 was published Jul 2, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database