GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,266
Erlang
31
GitHub Actions
21
Go
2,040
Maven
5,000+
npm
3,732
NuGet
662
pip
3,413
Pub
12
RubyGems
891
Rust
866
Swift
36
Unreviewed advisories
All unreviewed
5,000+
11 advisories
Filter by severity
In Bouncy Castle JCE Provider ECDSA does not fully validate ASN.1 encoding of signature on verification
High
CVE-2016-1000342
was published
for
org.bouncycastle:bcprov-jdk14
(Maven)
Oct 17, 2018
Improper Verification of Cryptographic Signature in Nimbus JOSE+JWT
High
CVE-2017-12974
was published
for
com.nimbusds:nimbus-jose-jwt
(Maven)
May 13, 2022
Signature wrapping vulnerability in Spring Security
High
CVE-2020-5407
was published
for
org.springframework.security:spring-security-core
(Maven)
Jun 5, 2020
Improper Verification of Cryptographic Signature in Apache Netbeans
High
CVE-2019-17561
was published
for
org.codehaus.mevenide:netbeans
(Maven)
May 24, 2022
Signature verification vulnerability in Stark Bank ecdsa libraries
High
GHSA-9wx7-jrvc-28mm
was published
for
com.starkbank:ecdsa-java
(Maven)
Nov 8, 2021
Pac4j token validation bypass if OpenID Connect provider supports none algorithm
High
CVE-2021-44878
was published
for
org.pac4j:pac4j-oidc
(Maven)
Jan 8, 2022
Duplicate Advisory: Improper Verification of Cryptographic Signature in google-oauth-java-client
High
GHSA-xh97-72ww-2w58
was published
for
com.google.oauth-client:google-oauth-client
(Maven)
May 4, 2022
•
withdrawn
google-oauth-java-client improperly verifies cryptographic signature
High
CVE-2021-22573
was published
for
com.google.oauth-client:google-oauth-client
(Maven)
Apr 9, 2024
In Bouncy Castle JCE Provider it is possible to inject extra elements in the sequence making up the signature and still have it validate
High
CVE-2016-1000338
was published
for
org.bouncycastle:bcprov-jdk14
(Maven)
Oct 17, 2018
Improper Verification of SAML Responses Leading to Privilege Escalation in Keycloak
High
GHSA-xgfv-xpx8-qhcr
was published
for
org.keycloak:keycloak-saml-core
(Maven)
Oct 14, 2024
Signature forgery in Spring Boot's Loader
High
CVE-2024-38807
was published
for
org.springframework.boot:spring-boot-loader
(Maven)
Aug 23, 2024
ProTip!
Advisories are also available from the
GraphQL API