GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

10 advisories

Execution Control List (ECL) Is Insecure in Singularity High
CVE-2020-13845 was published for github.com/sylabs/singularity (Go) Dec 20, 2021
tri-adam
PolicyController before 0.2.1 may bypass attestation verification High
CVE-2022-35930 was published for github.com/sigstore/policy-controller (Go) Aug 10, 2022
mattmoor
cosign's `cosign verify-attestation --type` can report a false positive if any attestation exists High
CVE-2022-35929 was published for github.com/sigstore/cosign (Go) Aug 10, 2022
Dendrite signature checks not applied to some retrieved missing events High
CVE-2022-39200 was published for github.com/matrix-org/dendrite (Go) Sep 15, 2022
Improper Verification of Cryptographic Signature in golang.org/x/crypto High
CVE-2020-9283 was published for golang.org/x/crypto (Go) May 18, 2021
Docker Notary Signature Algorithm Not Matched to Key vulnerability High
CVE-2015-9258 was published for github.com/docker/notary (Go) May 14, 2022
notation-go's verification bypass can cause users to verify the wrong artifact High
CVE-2023-33959 was published for github.com/notaryproject/notation-go (Go) Jun 6, 2023
AdamKorcz shizhMSFT
priteshbandi
free5GC udm vulnerable to Invalid Curve Attack High
CVE-2023-46324 was published for github.com/free5gc/udm (Go) Oct 23, 2023
go-resolver's DNSSEC validation not performed correctly High
CVE-2022-3347 was published for github.com/peterzen/goresolver (Go) Dec 28, 2022
Grafana Plugin signature bypass High
CVE-2022-31123 was published for github.com/grafana/grafana (Go) May 14, 2024