Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,450
Erlang
33
GitHub Actions
22
Go
2,150
Maven
5,000+
npm
3,814
NuGet
689
pip
3,487
Pub
12
RubyGems
902
Rust
900
Swift
38
Unreviewed advisories
All unreviewed
5,000+

60 advisories

Loading
In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Automobile, Snapdragon... Critical Unreviewed
CVE-2017-18146 was published May 14, 2022
Perl Crypt::JWT prior to 0.023 is affected by: Incorrect Access Control. The impact is: allow... Critical Unreviewed
CVE-2019-1010263 was published May 24, 2022
perl-CRYPT-JWT 0.022 and earlier is affected by: Incorrect Access Control. The impact is: bypass... Critical Unreviewed
CVE-2019-1010161 was published May 24, 2022
FusionAuth fusionauth-samlv2 0.2.3 allows remote attackers to forge messages and bypass... Critical Unreviewed
CVE-2020-12676 was published May 24, 2022
Bash injection vulnerability and bypass of signature verification in Rostelecom CS-C2SHW 5.0.082... Critical Unreviewed
CVE-2020-27540 was published May 24, 2022
An improper verification of cryptographic signature vulnerability exists in the Palo Alto... Critical Unreviewed
CVE-2021-3033 was published May 24, 2022
IBM Power9 Self Boot Engine(SBE) could allow a privileged user to inject malicious code and... Critical Unreviewed
CVE-2021-20487 was published May 24, 2022
A firmware validation issue was discovered in HMI3 Control Panel in Swisslog Healthcare Nexus... Critical Unreviewed
CVE-2021-37160 was published May 24, 2022
ecdsa-elixir fails to check signatures, vulnerable to message forging Critical
CVE-2021-43568 was published for ecdsa-elixir (Erlang) May 24, 2022
westonsteimel
Signature forgery in Biscuit Critical
CVE-2022-31053 was published for biscuit-auth (Go) Jun 17, 2022
avivdolev Churro
The Omron SYSMAC Nx product family PLCs (NJ series, NY series, NX series, and PMAC series)... Critical Unreviewed
CVE-2022-31206 was published Jul 27, 2022
The Omron SYSMAC Cx product family PLCs (CS series, CJ series, and CP series) through 2022-05-18... Critical Unreviewed
CVE-2022-31207 was published Jul 27, 2022
acryl-datahub missing JWT signature check Critical
CVE-2022-39366 was published for acryl-datahub (pip) Oct 31, 2022
artsploit pwntester
sylwia-budzynska p- Kwstubbs jorgectf
The Robot application in Ip-label Newtest before v8.5R0 was discovered to use weak signature... Critical Unreviewed
CVE-2022-23334 was published Jan 30, 2023
Western Digital My Cloud devices before OS5 do not use cryptographically signed Firmware upgrade... Critical Unreviewed
CVE-2021-36226 was published Feb 6, 2023
The cryptographic code signing process and controls on ConnectWise Control through 22.9.10032 ... Critical Unreviewed
CVE-2023-25718 was published Feb 13, 2023
Signature validation bypass in github.com/moov-io/signedxml Critical
CVE-2023-34205 was published for github.com/moov-io/signedxml (Go) May 30, 2023
An Improper Verification of Cryptographic Signature in the SAML authentication of the Zscaler... Critical Unreviewed
CVE-2023-28801 was published Aug 31, 2023
An Improper Verification of Cryptographic Signature vulnerability in the update process of... Critical Unreviewed
CVE-2023-5347 was published Jan 9, 2024
Hyperledger Aries Cloud Agent Python result of presentation verification not checked for LDP-VC Critical
CVE-2024-21669 was published for aries-cloudagent (pip) Jan 9, 2024
dbluhm
Studio Network Solutions ShareBrowser before 7.0 on macOS mishandles signature verification, aka... Critical Unreviewed
CVE-2023-44077 was published Jan 17, 2024
A vulnerability exists in Rockwell Automation FactoryTalk® Service Platform that allows a... Critical Unreviewed
CVE-2024-21917 was published Jan 31, 2024
xml-crypto vulnerable to XML signature verification bypass due improper verification of signature/signature spoofing Critical
CVE-2024-32962 was published for xml-crypto (npm) May 1, 2024
titon/framework vulnerable to Remote Code Execution via Chosen-Ciphertext Attack Critical
GHSA-q3jm-v27q-jfww was published for titon/framework (Composer) May 30, 2024
There is a possible escalation of privilege due to improperly used crypto. This could lead to... Critical Unreviewed
CVE-2024-32911 was published Jun 13, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database