GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
53 advisories
Improper Verification of Cryptographic Signature in matrix-synapse
High. CVE-2019-18835 was published for matrix-synapse (pip) on May 24, 2022.

Improper Verification of Cryptographic Signature in fastecdsa
High. CVE-2020-12607 was published for fastecdsa (pip) on Oct 12, 2021.

Keycloak SAML signature validation flaw
High. CVE-2024-8698 was published for org.keycloak:keycloak-saml-core (Maven) on Sep 19, 2024.

Improper Verification of Cryptographic Signature in ansible
High. CVE-2020-14365 was published for ansible (pip) on Apr 20, 2021.

Gentoo Portage missing PGP validation of executed code
High. CVE-2016-20021 was published for portage (pip) on Jan 12, 2024.

Hyperledger Indy's update process of a DID does not check who signs the request
High. CVE-2020-11093 was published for indy-node (pip) on Aug 30, 2024.

In Bouncy Castle JCE Provider it is possible to inject extra elements in the sequence making up the signature and still have it validate
High. CVE-2016-1000338 was published for org.bouncycastle:bcprov-jdk14 (Maven) on Oct 17, 2018.

Authlib has algorithm confusion with asymmetric public keys
High. CVE-2024-37568 was published for authlib (pip) on Jun 9, 2024.

SimpleSAMLphp Improper Verification of Cryptographic Signature
High. CVE-2018-7644 was published for simplesamlphp/saml2 (Composer) on May 13, 2022.

SimpleSAMLphp Signature validation bypass
High. CVE-2017-18122 was published for simplesamlphp/simplesamlphp (Composer) on May 14, 2022.

SaltStack Improper Verification of Cryptographic Signature
High. CVE-2022-22934 was published for salt (pip) on Mar 30, 2022.

google-oauth-java-client improperly verifies cryptographic signature
High. CVE-2021-22573 was published for com.google.oauth-client:google-oauth-client (Maven) on Apr 9, 2024.

Duplicate Advisory: Improper Verification of Cryptographic Signature in google-oauth-java-client
High. GHSA-xh97-72ww-2w58 was published for com.google.oauth-client:google-oauth-client (Maven) on May 4, 2022. Withdrawn.

browserify-sign upper bound check issue in `dsaVerify` leads to a signature forgery attack
High. CVE-2023-46234 was published for browserify-sign (npm) on Oct 26, 2023.

Improper Certificate Validation in phpseclib
High. CVE-2021-30130 was published for phpseclib/phpseclib (Composer) on Apr 7, 2021.

SimpleSAMLphp saml2 incorrect signature validation
High. CVE-2018-7711 was published for simplesamlphp/saml2 (Composer) on May 14, 2022.

Signature validation bypass in XmlSecLibs
High. CVE-2019-3465 was published for robrichards/xmlseclibs (Composer) on Nov 8, 2019.

go-resolver's DNSSEC validation not performed correctly
High. CVE-2022-3347 was published for github.com/peterzen/goresolver (Go) on Dec 28, 2022.

free5GC udm vulnerable to Invalid Curve Attack
High. CVE-2023-46324 was published for github.com/free5gc/udm (Go) on Oct 23, 2023.

Improper Verification of Cryptographic Signature in node-forge
High. CVE-2022-24771 was published for node-forge (npm) on Mar 18, 2022.

Improper Verification of Cryptographic Signature in node-forge
High. CVE-2022-24772 was published for node-forge (npm) on Mar 18, 2022.

notation-go's verification bypass can cause users to verify the wrong artifact
High. CVE-2023-33959 was published for github.com/notaryproject/notation-go (Go) on Jun 6, 2023.

Cisco node-jose improper validation of JWT signature
High. CVE-2018-0114 was published for node-jose (npm) on May 13, 2022.

Matrix Synapse Improper Signature Validation
High. CVE-2018-16515 was published for matrix-synapse (pip) on May 13, 2022.

Wizkunde SAMLBase SAML Bypass
High. CVE-2018-5387 was published for gogentooss/samlbase (Composer) on May 13, 2022.