GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,266
Erlang
31
GitHub Actions
21
Go
2,035
Maven
5,000+
npm
3,732
NuGet
662
pip
3,413
Pub
12
RubyGems
891
Rust
865
Swift
36
Unreviewed advisories
All unreviewed
5,000+
192 advisories
Filter by severity
Signature Verification Bypass in jwt-simple
High
GHSA-8v5f-hp78-jgxq
was published
for
jwt-simple
(npm)
Jun 6, 2019
Improper Key Verification in openpgp
High
CVE-2019-9154
was published
for
openpgp
(npm)
Aug 23, 2019
In Bouncy Castle JCE Provider ECDSA does not fully validate ASN.1 encoding of signature on verification
High
CVE-2016-1000342
was published
for
org.bouncycastle:bcprov-jdk14
(Maven)
Oct 17, 2018
Execution Control List (ECL) Is Insecure in Singularity
High
CVE-2020-13845
was published
for
github.com/sylabs/singularity
(Go)
Dec 20, 2021
Failure to validate signature during handshake
High
CVE-2022-24759
was published
for
@chainsafe/libp2p-noise
(npm)
Mar 18, 2022
A firmware update vulnerability exists in the "update" firmware checks functionality of...
High
Unreviewed
CVE-2022-21134
was published
Jan 29, 2022
AVEVA System Platform versions 2017 through 2020 R2 P01 does not verify, or incorrectly verifies,...
High
Unreviewed
CVE-2021-32977
was published
Apr 5, 2022
On Schneider Electric ConneXium Tofino Firewall TCSEFEA23F3F22 before 03.23, TCSEFEA23F3F20/21,...
High
Unreviewed
CVE-2021-30066
was published
Apr 5, 2022
Yubico ykneo-openpgp before 1.0.10 has a typo in which an invalid PIN can be used. When first...
High
Unreviewed
CVE-2015-3298
was published
Mar 31, 2022
An improper verification of the cryptographic signature of firmware updates of the B. Braun...
High
Unreviewed
CVE-2020-25166
was published
Apr 15, 2022
Improper Verification of Cryptographic Signature in Nimbus JOSE+JWT
High
CVE-2017-12974
was published
for
com.nimbusds:nimbus-jose-jwt
(Maven)
May 13, 2022
A vulnerability in the interprocess communication (IPC) channel of Cisco AnyConnect Secure...
High
Unreviewed
CVE-2021-1366
was published
May 24, 2022
Union Pay up to 1.2.0, for web based versions contains a CWE-347: Improper Verification of...
High
Unreviewed
CVE-2020-23533
was published
May 24, 2022
Signature bypass via multiple root elements
High
CVE-2022-39299
was published
for
@node-saml/node-saml
(npm)
Oct 12, 2022
JWS and JWT signature validation vulnerability with special characters
High
CVE-2022-25898
was published
for
jsrsasign
(npm)
Jun 25, 2022
A PKCS#1 v1.5 signature verification routine in all Android releases from CAF using the Linux...
High
Unreviewed
CVE-2014-9934
was published
May 17, 2022
OpenZeppelin Contracts's SignatureChecker may revert on invalid EIP-1271 signers
High
CVE-2022-31172
was published
for
@openzeppelin/contracts
(npm)
Jul 21, 2022
Signature bypass via multiple root elements
High
CVE-2022-39300
was published
for
node-saml
(npm)
Oct 12, 2022
By spoofing the target resolver with responses that have a malformed EdDSA signature, an attacker...
High
Unreviewed
CVE-2022-38178
was published
Sep 22, 2022
By spoofing the target resolver with responses that have a malformed ECDSA signature, an attacker...
High
Unreviewed
CVE-2022-38177
was published
Sep 22, 2022
secp256k1-js implements ECDSA without required r and s validation, leading to signature forgery
High
CVE-2022-41340
was published
for
@lionello/secp256k1-js
(npm)
Sep 25, 2022
Unencrypted HTTP communications for firmware upgrades in Petalk AI and PF-103 allow man-in-the...
High
Unreviewed
CVE-2019-16732
was published
May 24, 2022
A vulnerability exists that could allow the execution of unauthorized code or operating system...
High
Unreviewed
CVE-2020-9047
was published
May 24, 2022
NCR SelfServ ATMs running APTRA XFS 05.01.00 do not properly validate softare updates for the...
High
Unreviewed
CVE-2020-10126
was published
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API