GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,266
Erlang
31
GitHub Actions
21
Go
2,035
Maven
5,000+
npm
3,732
NuGet
662
pip
3,413
Pub
12
RubyGems
891
Rust
865
Swift
36
Unreviewed advisories
All unreviewed
5,000+
58 advisories
Filter by severity
Signature Verification Bypass in jwt-simple
High
GHSA-8v5f-hp78-jgxq
was published
for
jwt-simple
(npm)
Jun 6, 2019
Improper Key Verification in openpgp
High
CVE-2019-9154
was published
for
openpgp
(npm)
Aug 23, 2019
In Bouncy Castle JCE Provider ECDSA does not fully validate ASN.1 encoding of signature on verification
High
CVE-2016-1000342
was published
for
org.bouncycastle:bcprov-jdk14
(Maven)
Oct 17, 2018
Execution Control List (ECL) Is Insecure in Singularity
High
CVE-2020-13845
was published
for
github.com/sylabs/singularity
(Go)
Dec 20, 2021
Failure to validate signature during handshake
High
CVE-2022-24759
was published
for
@chainsafe/libp2p-noise
(npm)
Mar 18, 2022
Improper Verification of Cryptographic Signature in Nimbus JOSE+JWT
High
CVE-2017-12974
was published
for
com.nimbusds:nimbus-jose-jwt
(Maven)
May 13, 2022
Signature bypass via multiple root elements
High
CVE-2022-39299
was published
for
@node-saml/node-saml
(npm)
Oct 12, 2022
JWS and JWT signature validation vulnerability with special characters
High
CVE-2022-25898
was published
for
jsrsasign
(npm)
Jun 25, 2022
OpenZeppelin Contracts's SignatureChecker may revert on invalid EIP-1271 signers
High
CVE-2022-31172
was published
for
@openzeppelin/contracts
(npm)
Jul 21, 2022
Signature bypass via multiple root elements
High
CVE-2022-39300
was published
for
node-saml
(npm)
Oct 12, 2022
secp256k1-js implements ECDSA without required r and s validation, leading to signature forgery
High
CVE-2022-41340
was published
for
@lionello/secp256k1-js
(npm)
Sep 25, 2022
PolicyController before 0.2.1 may bypass attestation verification
High
CVE-2022-35930
was published
for
github.com/sigstore/policy-controller
(Go)
Aug 10, 2022
cosign's `cosign verify-attestaton --type` can report a false positive if any attestation exists
High
CVE-2022-35929
was published
for
github.com/sigstore/cosign
(Go)
Aug 10, 2022
ECDSA signature validation vulnerability by accepting wrong ASN.1 encoding in jsrsasign
High
CVE-2020-14966
was published
for
jsrsasign
(npm)
Jun 26, 2020
Signature wrapping vulnerability in Spring Security
High
CVE-2020-5407
was published
for
org.springframework.security:spring-security-core
(Maven)
Jun 5, 2020
coreos-installer improperly verifies GPG signature when decompressing gzipped artifact
High
CVE-2021-20319
was published
for
coreos-installer
(Rust)
Oct 12, 2021
Improper Verification of Cryptographic Signature in Apache Netbeans
High
CVE-2019-17561
was published
for
org.codehaus.mevenide:netbeans
(Maven)
May 24, 2022
Dendrite signature checks not applied to some retrieved missing events
High
CVE-2022-39200
was published
for
github.com/matrix-org/dendrite
(Go)
Sep 15, 2022
Improper verification of signature threshold in tough
High
CVE-2020-15093
was published
for
tough
(Rust)
Aug 25, 2021
Improper Verification of Cryptographic Signature in golang.org/x/crypto
High
CVE-2020-9283
was published
for
golang.org/x/crypto
(Go)
May 18, 2021
Signature verification vulnerability in Stark Bank ecdsa libraries
High
GHSA-9wx7-jrvc-28mm
was published
for
com.starkbank:ecdsa-java
(Maven)
Nov 8, 2021
Regression in JWT Signature Validation
High
CVE-2020-15240
was published
for
omniauth-auth0
(RubyGems)
Nov 3, 2020
Failure to properly verify ed25519 signatures in libp2p-core
High
CVE-2019-15545
was published
for
libp2p-core
(Rust)
Aug 25, 2021
Docker Notary Signature Algorithm Not Matched to Key vulnerability
High
CVE-2015-9258
was published
for
github.com/docker/notary
(Go)
May 14, 2022
ProTip!
Advisories are also available from the
GraphQL API