Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

29 advisories

Loading
Incorrect threshold signature computation in TUF Critical
CVE-2020-6174 was published for tuf (pip) Aug 21, 2020
Improper Verification of Cryptographic Signature in starkbank-ecdsa Critical
CVE-2021-43572 was published for starkbank-ecdsa (pip) Nov 10, 2021
SSOReady has an XML Signature Bypass via differential XML parsing Critical
CVE-2024-47832 was published for github.com/ssoready/ssoready (Go) Oct 11, 2024
ahacker1-securesaml
Improper Verification of Cryptographic Signature in Pure-Python ECDSA Critical
CVE-2019-14859 was published for ecdsa (pip) Apr 1, 2020
omniauth-saml vulnerable to Improper Verification of Cryptographic Signature Critical
GHSA-cvp8-5r8g-fhvq was published for omniauth-saml (RubyGems) Sep 11, 2024
ahacker1-securesaml suprnova32
rajiv bufferoverflow
Improper Verification of Cryptographic Signature in django-rest-registration Critical
CVE-2019-13177 was published for django-rest-registration (pip) Jul 2, 2019
peterthomassen
SAML authentication bypass via Incorrect XPath selector Critical
CVE-2024-45409 was published for ruby-saml (RubyGems) Sep 10, 2024
ahacker1-securesaml
titon/framework vulnerable to Remote Code Execution via Chosen-Ciphertext Attack Critical
GHSA-q3jm-v27q-jfww was published for titon/framework (Composer) May 30, 2024
Hyperledger Aries Cloud Agent Python result of presentation verification not checked for LDP-VC Critical
CVE-2024-21669 was published for aries-cloudagent (pip) Jan 9, 2024
dbluhm
Signature validation bypass in github.com/moov-io/signedxml Critical
CVE-2023-34205 was published for github.com/moov-io/signedxml (Go) May 30, 2023
Critical security issues in XML encoding in github.com/dexidp/dex Critical
CVE-2020-26290 was published for github.com/dexidp/dex (Go) Dec 20, 2021
jupenur ericchiang
justaugustus sagikazarmark
ecdsa-elixir fails to check signatures, vulnerable to message forging Critical
CVE-2021-43568 was published for ecdsa-elixir (Erlang) May 24, 2022
westonsteimel
Missing validation of JWT signature in `ManyDesigns/Portofino` Critical
CVE-2021-29451 was published for com.manydesigns:portofino-core (Maven) Apr 19, 2021
intrigus-lgtm
RSA signature validation vulnerability on maleable encoded message in jsrsasign Critical
CVE-2021-30246 was published for jsrsasign (npm) Apr 16, 2021
Improper Verification of Cryptographic Signature in starkbank-ecdsa Critical
CVE-2021-43570 was published for com.starkbank:starkbank-ecdsa (Maven) Nov 10, 2021
tdunlap607
RubyGems Improper Verification of Cryptographic Signature vulnerability Critical
CVE-2018-1000076 was published for org.jruby:jruby-stdlib (RubyGems) May 14, 2022
Signature forgery in Biscuit Critical
CVE-2022-31053 was published for biscuit-auth (Go) Jun 17, 2022
avivdolev Churro
Firebase PHP-JWT key/algorithm type confusion Critical
CVE-2021-46743 was published for firebase/php-jwt (Composer) Mar 30, 2022
llupa
Overflow in libsecp256k1 Critical
CVE-2021-38195 was published for libsecp256k1 (Rust) Aug 25, 2021
Missing certificate validation in Apache JMeter Critical
CVE-2018-1287 was published for org.apache.jmeter:ApacheJMeter (Maven) May 13, 2022
acryl-datahub missing JWT signature check Critical
CVE-2022-39366 was published for acryl-datahub (pip) Oct 31, 2022
artsploit pwntester
sylwia-budzynska p- Kwstubbs jorgectf
Improper Verification of Cryptographic Signature in starkbank-ecdsa Critical
CVE-2021-43569 was published for starkbank-ecdsa (NuGet) Nov 10, 2021
Improper Verification of Cryptographic Signature in starkbank-ecdsa Critical
CVE-2021-43571 was published for starkbank-ecdsa (npm) Nov 10, 2021
Improper Verification of Cryptographic Signature Critical
CVE-2021-32685 was published for tenvoy (npm) Jun 21, 2021
ProTip! Advisories are also available from the GraphQL API