Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

9 advisories

Loading
Gitsign's Rekor public keys fetched from upstream API instead of local TUF client. Moderate
CVE-2023-47122 was published for github.com/sigstore/gitsign (Go) Nov 14, 2023
adityasaky
go-saml's XML Digital Signatures use SHA-1 Moderate
CVE-2020-36563 was published for github.com/RobotsAndPencils/go-saml (Go) Dec 28, 2022
SIF's Digital Signature Hash Algorithms Not Validated Moderate
CVE-2022-39237 was published for github.com/sylabs/sif/v2 (Go) Oct 6, 2022
tri-adam
Cosign bundle can be crafted to successfully verify a blob even if the embedded rekorBundle does not reference the given signature Moderate
CVE-2022-36056 was published for github.com/sigstore/cosign (Go) Sep 16, 2022
codysoyland asraa
haydentherapper
Golang/x/crypto message forgery vulnerability Moderate
CVE-2019-11841 was published for golang.org/x/crypto (Go) May 24, 2022
Signature verification failure in Tendermint Moderate
GHSA-f3w5-v9xx-rp8p was published for github.com/tendermint/tendermint (Go) Dec 20, 2021
milosevic josef-widder
Denial of Service in TenderMint Moderate
CVE-2020-15091 was published for github.com/tendermint/tendermint (Go) Dec 20, 2021
ebuchman melekes
github.com/russellhaering/goxmldsig vulnerable to Signature Validation Bypass Moderate
CVE-2020-15216 was published for github.com/russellhaering/goxmldsig (Go) May 24, 2021
jupenur
BLS Signature "Malleability" Moderate
CVE-2021-21405 was published for github.com/filecoin-project/lotus (Go) May 21, 2021
ProTip! Advisories are also available from the GraphQL API