GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,080
Erlang
29
GitHub Actions
19
Go
1,908
Maven
5,000+
npm
3,642
NuGet
638
pip
3,258
Pub
10
RubyGems
869
Rust
820
Swift
35
Unreviewed advisories
All unreviewed
5,000+
389 advisories
Filter by severity
In the Android operating system, there is a possible way to replace a boot partition due to...
High
Unreviewed
CVE-2023-20940
was published
Feb 28, 2023
An improper verification of cryptographic signature vulnerability [CWE-347] in FortiWeb 6.4 all...
Moderate
Unreviewed
CVE-2021-43074
was published
Feb 16, 2023
The cryptographic code signing process and controls on ConnectWise Control through 22.9.10032 ...
Critical
Unreviewed
CVE-2023-25718
was published
Feb 13, 2023
Western Digital My Cloud devices before OS5 do not use cryptographically signed Firmware upgrade...
Critical
Unreviewed
CVE-2021-36226
was published
Feb 6, 2023
OpenZeppelin Contracts contains Improper Verification of Cryptographic Signature
Moderate
CVE-2023-23940
was published
for
openzeppelin-cairo-contracts
(pip)
Feb 2, 2023
Dell Command | Update, Dell Update, and Alienware Update versions prior to 4.7 contain a improper...
High
Unreviewed
CVE-2022-34459
was published
Feb 1, 2023
The Robot application in Ip-label Newtest before v8.5R0 was discovered to use weak signature...
Critical
Unreviewed
CVE-2022-23334
was published
Jan 30, 2023
CRYSTALS-DILITHIUM (in Post-Quantum Cryptography Selected Algorithms 2022) in PQClean d03da30 may...
High
Unreviewed
CVE-2023-24025
was published
Jan 20, 2023
Cargo did not verify SSH host keys
Moderate
CVE-2022-46176
was published
for
cargo
(Rust)
Jan 10, 2023
go-saml's XML Digital Signatures use SHA-1
Moderate
CVE-2020-36563
was published
for
github.com/RobotsAndPencils/go-saml
(Go)
Dec 28, 2022
go-resolver's DNSSEC validation not performed correctly
High
CVE-2022-3347
was published
for
github.com/peterzen/goresolver
(Go)
Dec 28, 2022
jsonwebtoken vulnerable to signature validation bypass due to insecure default algorithm in jwt.verify()
Moderate
CVE-2022-23540
was published
for
jsonwebtoken
(npm)
Dec 22, 2022
An unprotected memory-access operation in optee_os in TrustedFirmware Open Portable Trusted...
Moderate
Unreviewed
CVE-2022-47549
was published
Dec 19, 2022
Tendermint light client verification not taking into account chain ID
Moderate
CVE-2022-23507
was published
for
tendermint-light-client
(Rust)
Dec 14, 2022
A CWE-347: Improper Verification of Cryptographic Signature vulnerability exists in the...
High
Unreviewed
CVE-2022-41669
was published
Nov 4, 2022
A CWE-347: Improper Verification of Cryptographic Signature vulnerability exists that allows...
High
Unreviewed
CVE-2022-41666
was published
Nov 4, 2022
acryl-datahub missing JWT signature check
Critical
CVE-2022-39366
was published
for
acryl-datahub
(pip)
Oct 31, 2022
Signature bypass via multiple root elements
High
CVE-2022-39300
was published
for
node-saml
(npm)
Oct 12, 2022
Signature bypass via multiple root elements
High
CVE-2022-39299
was published
for
@node-saml/node-saml
(npm)
Oct 12, 2022
A vulnerability in the software image verification functionality of Cisco IOS XE Software for...
Moderate
Unreviewed
CVE-2022-20944
was published
Oct 11, 2022
An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x...
Moderate
Unreviewed
CVE-2022-42010
was published
Oct 10, 2022
SIF's Digital Signature Hash Algorithms Not Validated
Moderate
CVE-2022-39237
was published
for
github.com/sylabs/sif/v2
(Go)
Oct 6, 2022
secp256k1-js implements ECDSA without required r and s validation, leading to signature forgery
High
CVE-2022-41340
was published
for
@lionello/secp256k1-js
(npm)
Sep 25, 2022
By spoofing the target resolver with responses that have a malformed ECDSA signature, an attacker...
High
Unreviewed
CVE-2022-38177
was published
Sep 22, 2022
By spoofing the target resolver with responses that have a malformed EdDSA signature, an attacker...
High
Unreviewed
CVE-2022-38178
was published
Sep 22, 2022
ProTip!
Advisories are also available from the
GraphQL API