
GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

32 advisories

rfc3161-client has insufficient verification for timestamp response signatures Critical
CVE-2025-52556 was published for rfc3161-client (pip) Jun 20, 2025
jku woodruffw
LTI JupyterHub Authenticator does not properly validate JWT Signature Critical
CVE-2023-25574 was published for jupyterhub-ltiauthenticator (pip) Feb 25, 2025
consideRatio
Home Assistant does not correctly validate SSL for outgoing requests in core and used libs High
CVE-2025-25305 was published for homeassistant (pip) Feb 18, 2025
ReneNulschDE
Adyen APIs Library for Python timing attack vulnerability Moderate
GHSA-f3q4-ggfp-jv34 was published for Adyen (pip) Aug 30, 2024
Hyperledger Indy's update process of a DID does not check who signs the request High
CVE-2020-11093 was published for indy-node (pip) Aug 30, 2024
alexandredeleze
Authlib has algorithm confusion with asymmetric public keys High
CVE-2024-37568 was published for authlib (pip) Jun 9, 2024
Gentoo Portage missing PGP validation of executed code High
CVE-2016-20021 was published for portage (pip) Jan 12, 2024
Hyperledger Aries Cloud Agent Python result of presentation verification not checked for LDP-VC Critical
CVE-2024-21669 was published for aries-cloudagent (pip) Jan 9, 2024
dbluhm
Archive spoofing vulnerability in borgbackup Moderate
CVE-2023-36811 was published for borgbackup (pip) Aug 30, 2023
ThomasWaldmann
Incorrect signature verification in django-ses Low
CVE-2023-33185 was published for django-ses (pip) May 22, 2023
josephsurin
OpenZeppelin Contracts contains Improper Verification of Cryptographic Signature Moderate
CVE-2023-23940 was published for openzeppelin-cairo-contracts (pip) Feb 2, 2023
acryl-datahub missing JWT signature check Critical
CVE-2022-39366 was published for acryl-datahub (pip) Oct 31, 2022
artsploit pwntester
sylwia-budzynska p- Kwstubbs jorgectf
Improper Verification of Cryptographic Signature in matrix-synapse High
CVE-2019-18835 was published for matrix-synapse (pip) May 24, 2022
westonsteimel
OpenStack Keystone does not check signature TTL of the EC2 credential auth method Moderate
CVE-2020-12692 was published for keystone (pip) May 24, 2022
python-apt Does Not Check Hash Signature Moderate
CVE-2019-15796 was published for python-apt (pip) May 24, 2022
SimpleGeo python-oauth2 does not check the nonce allowing replay attacks High
CVE-2013-4346 was published for oauth2 (pip) May 17, 2022
Python RSA allows attackers to spoof signatures Moderate
CVE-2016-1494 was published for rsa (pip) May 14, 2022
Matrix Synapse Improper Signature Validation High
CVE-2018-16515 was published for matrix-synapse (pip) May 13, 2022
SaltStack Improper Verification of Cryptographic Signature High
CVE-2022-22934 was published for salt (pip) Mar 30, 2022
Improper Verification of Cryptographic Signature in starkbank-ecdsa Critical
CVE-2021-43572 was published for starkbank-ecdsa (pip) Nov 10, 2021
Signature verification vulnerability in Stark Bank ecdsa libraries High
GHSA-9wx7-jrvc-28mm was published for com.starkbank:ecdsa-java (Maven) Nov 8, 2021
tdunlap607
Improper Verification of Cryptographic Signature in fastecdsa High
CVE-2020-12607 was published for fastecdsa (pip) Oct 12, 2021
Improper Verification of Cryptographic Signature in aws-encryption-sdk-cli Moderate
GHSA-89v2-g37m-g3ff was published for aws-encryption-sdk-cli (pip) Jun 1, 2021
Improper Verification of Cryptographic Signature in aws-encryption-sdk Moderate
GHSA-x5h4-9gqw-942j was published for aws-encryption-sdk (pip) Jun 1, 2021
Improper Verification of Cryptographic Signature in ansible Moderate
CVE-2020-14365 was published for ansible (pip) Apr 20, 2021