GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,080
Erlang
29
GitHub Actions
19
Go
1,908
Maven
5,000+
npm
3,642
NuGet
638
pip
3,258
Pub
10
RubyGems
869
Rust
820
Swift
35
Unreviewed advisories
All unreviewed
5,000+
178 advisories
Filter by severity
Improper Verification of Cryptographic Signature in Apache Netbeans
High
CVE-2019-17561
was published
for
org.codehaus.mevenide:netbeans
(Maven)
May 24, 2022
wolfSSL before 4.3.0 mishandles calls to wc_SignatureGenerateHash, leading to fault injection in...
High
Unreviewed
CVE-2019-19962
was published
May 24, 2022
Unencrypted HTTP communications for firmware upgrades in Petalk AI and PF-103 allow man-in-the...
High
Unreviewed
CVE-2019-16732
was published
May 24, 2022
The Keybase app 2.13.2 for iOS provides potentially insufficient notice that it is employing a...
High
Unreviewed
CVE-2019-16992
was published
May 24, 2022
A crafted S/MIME message consisting of an inner encryption layer and an outer SignedData layer...
High
Unreviewed
CVE-2019-11755
was published
May 24, 2022
A vulnerability in Cisco NX-OS Software and Cisco IOS XE Software could allow an authenticated,...
High
Unreviewed
CVE-2019-12662
was published
May 24, 2022
A vulnerability in the Image Verification feature of Cisco IOS XE Software could allow an...
High
Unreviewed
CVE-2019-12649
was published
May 24, 2022
Huawei mobile phones Hima-AL00Bhave with Versions earlier than HMA-AL00C00B175 have a signature...
High
Unreviewed
CVE-2019-5299
was published
May 24, 2022
Open Information Security Foundation Suricata prior to version 4.1.3 is affected by: Denial of...
High
Unreviewed
CVE-2019-1010279
was published
May 24, 2022
Enigmail before 2.0.11 allows PGP signature spoofing: for an inline PGP message, an attacker can...
High
Unreviewed
CVE-2019-12269
was published
May 24, 2022
A vulnerability in the Image Signature Verification feature of Cisco NX-OS Software could allow...
High
Unreviewed
CVE-2019-1813
was published
May 24, 2022
A vulnerability in the Image Signature Verification feature of Cisco NX-OS Software could allow...
High
Unreviewed
CVE-2019-1812
was published
May 24, 2022
A vulnerability in the Image Signature Verification feature of Cisco NX-OS Software could allow...
High
Unreviewed
CVE-2019-1811
was published
May 24, 2022
A vulnerability in the Secure Configuration Validation functionality of Cisco FXOS Software and...
High
Unreviewed
CVE-2019-1728
was published
May 24, 2022
redhat-upgrade-tool: Does not check GPG signatures when upgrading versions
High
Unreviewed
CVE-2014-3585
was published
May 17, 2022
A PKCS#1 v1.5 signature verification routine in all Android releases from CAF using the Linux...
High
Unreviewed
CVE-2014-9934
was published
May 17, 2022
A vulnerability in Cisco NX-OS System Software could allow an authenticated, local attacker to...
High
Unreviewed
CVE-2017-12331
was published
May 17, 2022
shibsp/metadata/DynamicMetadataProvider.cpp in the Dynamic MetadataProvider plugin in Shibboleth...
High
Unreviewed
CVE-2017-16852
was published
May 14, 2022
The DynamicMetadataProvider class in saml/saml2/metadata/impl/DynamicMetadataProvider.cpp in...
High
Unreviewed
CVE-2017-16853
was published
May 14, 2022
An issue was discovered in Enigmail before 1.9.9. Signature spoofing is possible because the UI...
High
Unreviewed
CVE-2017-17847
was published
May 14, 2022
SimpleSAMLphp saml2 incorrect signature validation
High
CVE-2018-7711
was published
for
simplesamlphp/saml2
(Composer)
May 14, 2022
Docker Notary Signature Algorithm Not Matched to Key vulnerability
High
CVE-2015-9258
was published
for
github.com/docker/notary
(Go)
May 14, 2022
Hyperledger Iroha versions v1.0_beta and v1.0.0_beta-1 are vulnerable to transaction and block...
High
Unreviewed
CVE-2018-3756
was published
May 14, 2022
In verify_signed_hash() in lib/liboswkeys/signatures.c in Openswan before 2.6.50.1, the RSA...
High
Unreviewed
CVE-2018-15836
was published
May 14, 2022
SimpleSAMLphp Signature validation bypass
High
CVE-2017-18122
was published
for
simplesamlphp/simplesamlphp
(Composer)
May 14, 2022
ProTip!
Advisories are also available from the
GraphQL API