Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,293
Erlang
31
GitHub Actions
21
Go
2,061
Maven
5,000+
npm
3,744
NuGet
668
pip
3,423
Pub
12
RubyGems
892
Rust
875
Swift
36
Unreviewed advisories
All unreviewed
5,000+

200 advisories

Loading
In verify_signed_hash() in lib/liboswkeys/signatures.c in Openswan before 2.6.50.1, the RSA... High Unreviewed
CVE-2018-15836 was published May 14, 2022
Hyperledger Iroha versions v1.0_beta and v1.0.0_beta-1 are vulnerable to transaction and block... High Unreviewed
CVE-2018-3756 was published May 14, 2022
Improper Verification of Cryptographic Signature in Apache Netbeans High
CVE-2019-17561 was published for org.codehaus.mevenide:netbeans (Maven) May 24, 2022
Dendrite signature checks not applied to some retrieved missing events High
CVE-2022-39200 was published for github.com/matrix-org/dendrite (Go) Sep 15, 2022
shibsp/metadata/DynamicMetadataProvider.cpp in the Dynamic MetadataProvider plugin in Shibboleth... High Unreviewed
CVE-2017-16852 was published May 14, 2022
The DynamicMetadataProvider class in saml/saml2/metadata/impl/DynamicMetadataProvider.cpp in... High Unreviewed
CVE-2017-16853 was published May 14, 2022
An issue was discovered in Enigmail before 1.9.9. Signature spoofing is possible because the UI... High Unreviewed
CVE-2017-17847 was published May 14, 2022
A vulnerability has been identified in SIMATIC S7-400 (incl. F) V6 and below (All versions),... High Unreviewed
CVE-2018-16557 was published May 13, 2022
A vulnerability in Cisco NX-OS System Software could allow an authenticated, local attacker to... High Unreviewed
CVE-2017-12331 was published May 17, 2022
Local privilege escalation due to unrestricted loading of unsigned libraries. The following... High Unreviewed
CVE-2022-24115 was published Feb 11, 2022
A CWE-347: Improper Verification of Cryptographic Signature vulnerability exists that allows... High Unreviewed
CVE-2022-41666 was published Nov 4, 2022
Improper verification of signature threshold in tough High
CVE-2020-15093 was published for tough (Rust) Aug 25, 2021
redhat-upgrade-tool: Does not check GPG signatures when upgrading versions High Unreviewed
CVE-2014-3585 was published May 17, 2022
CRYSTALS-DILITHIUM (in Post-Quantum Cryptography Selected Algorithms 2022) in PQClean d03da30 may... High Unreviewed
CVE-2023-24025 was published Jan 20, 2023
Improper Verification of Cryptographic Signature in golang.org/x/crypto High
CVE-2020-9283 was published for golang.org/x/crypto (Go) May 18, 2021
Dell Command | Update, Dell Update, and Alienware Update versions prior to 4.7 contain a improper... High Unreviewed
CVE-2022-34459 was published Feb 1, 2023
In the Android operating system, there is a possible way to replace a boot partition due to... High Unreviewed
CVE-2023-20940 was published Feb 28, 2023
Signature verification vulnerability in Stark Bank ecdsa libraries High
GHSA-9wx7-jrvc-28mm was published for com.starkbank:ecdsa-java (Maven) Nov 8, 2021
tdunlap607
A vulnerability in the Image Signature Verification feature of Cisco NX-OS Software could allow... High Unreviewed
CVE-2019-1813 was published May 24, 2022
A vulnerability in the Image Signature Verification feature of Cisco NX-OS Software could allow... High Unreviewed
CVE-2019-1812 was published May 24, 2022
A vulnerability in the Image Signature Verification feature of Cisco NX-OS Software could allow... High Unreviewed
CVE-2019-1811 was published May 24, 2022
Regression in JWT Signature Validation High
CVE-2020-15240 was published for omniauth-auth0 (RubyGems) Nov 3, 2020
kernel/module.c in the Linux kernel before 5.12.14 mishandles Signature Verification, aka CID... High Unreviewed
CVE-2021-35039 was published May 24, 2022
Failure to properly verify ed25519 signatures in libp2p-core High
CVE-2019-15545 was published for libp2p-core (Rust) Aug 25, 2021
There is an privilege escalation vulnerability in organization-specific logins in Esri Portal for... High Unreviewed
CVE-2021-29108 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database