GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,266
Erlang
31
GitHub Actions
21
Go
2,035
Maven
5,000+
npm
3,732
NuGet
662
pip
3,413
Pub
12
RubyGems
891
Rust
865
Swift
36
Unreviewed advisories
All unreviewed
5,000+
421 advisories
Filter by severity
Foxit PDF Reader before 11.1 and PDF Editor before 11.1, and PhantomPDF before 10.1.6, mishandle...
Moderate
Unreviewed
CVE-2021-40326
was published
Aug 29, 2022
In OASIS Digital Signature Services (DSS) 1.0, an attacker can control the validation outcome (i...
Moderate
Unreviewed
CVE-2020-13101
was published
May 24, 2022
Tendermint light client verification not taking into account chain ID
Moderate
CVE-2022-23507
was published
for
tendermint-light-client
(Rust)
Dec 14, 2022
The Zoom Client for Meetings for MacOS (Standard and for IT Admin) before version 5.11.3 contains...
High
Unreviewed
CVE-2022-28751
was published
Aug 18, 2022
A firmware update vulnerability exists in the iburn firmware checks functionality of InHand...
Moderate
Unreviewed
CVE-2022-26510
was published
May 13, 2022
An exploitable vulnerability exists in the verified boot protection of the Das U-Boot from...
High
Unreviewed
CVE-2018-3968
was published
May 13, 2022
Little Snitch versions 4.0 to 4.0.6 use the SecStaticCodeCheckValidityWithErrors() function...
Moderate
Unreviewed
CVE-2018-10470
was published
May 13, 2022
Insufficient consistency checks in signature handling in the networking stack in Google Chrome...
Moderate
Unreviewed
CVE-2017-5066
was published
May 13, 2022
Improper Verification of Cryptographic Signature in keycloak
Moderate
CVE-2019-10201
was published
for
org.keycloak:keycloak-core
(Maven)
Sep 23, 2019
Signature wrapping vulnerability in Spring Security
High
CVE-2020-5407
was published
for
org.springframework.security:spring-security-core
(Maven)
Jun 5, 2020
Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019...
Moderate
Unreviewed
CVE-2018-16042
was published
May 13, 2022
Duo Network Gateway 1.2.9 and earlier may incorrectly utilize the results of XML DOM traversal...
High
Unreviewed
CVE-2018-7340
was published
May 13, 2022
Signature validation bypass in ServiceStack
Moderate
CVE-2020-28042
was published
for
ServiceStack
(NuGet)
Jan 13, 2021
An issue was discovered in certain Apple products. macOS before 10.13.4 is affected. The issue...
Moderate
Unreviewed
CVE-2018-4111
was published
May 13, 2022
Improper Verification of Cryptographic Signature
Critical
CVE-2021-32685
was published
for
tenvoy
(npm)
Jun 21, 2021
BLS Signature "Malleability"
Moderate
CVE-2021-21405
was published
for
github.com/filecoin-project/lotus
(Go)
May 21, 2021
Improper Verification of Cryptographic Signature in starkbank-ecdsa
Critical
CVE-2021-43571
was published
for
starkbank-ecdsa
(npm)
Nov 10, 2021
coreos-installer improperly verifies GPG signature when decompressing gzipped artifact
High
CVE-2021-20319
was published
for
coreos-installer
(Rust)
Oct 12, 2021
Improper Verification of Cryptographic Signature in starkbank-ecdsa
Critical
CVE-2021-43569
was published
for
starkbank-ecdsa
(NuGet)
Nov 10, 2021
CPAN 2.28 allows Signature Verification Bypass.
High
Unreviewed
CVE-2020-16156
was published
Dec 14, 2021
The crypto.generateCRMFRequest method in Mozilla Firefox before 28.0 and SeaMonkey before 2.25...
Moderate
Unreviewed
CVE-2014-1498
was published
May 13, 2022
The App::cpanminus package 1.7044 for Perl allows Signature Verification Bypass.
High
Unreviewed
CVE-2020-16154
was published
Feb 10, 2022
HP LaserJet Enterprise printers, HP PageWide Enterprise printers, HP LaserJet Managed printers,...
Critical
Unreviewed
CVE-2019-6318
was published
May 13, 2022
Google Chrome before 17.0.963.46 does not properly check signatures, which allows remote...
Moderate
Unreviewed
CVE-2011-3965
was published
May 13, 2022
The rsa_pss_params_parse function in libstrongswan/credentials/keys/signature_params.c in...
Moderate
Unreviewed
CVE-2018-6459
was published
May 13, 2022
ProTip!
Advisories are also available from the
GraphQL API