Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

387 advisories

Loading
The cryptographic code signing process and controls on ConnectWise Control through 22.9.10032 ... Critical Unreviewed
CVE-2023-25718 was published Feb 13, 2023
Western Digital My Cloud devices before OS5 do not use cryptographically signed Firmware upgrade... Critical Unreviewed
CVE-2021-36226 was published Feb 6, 2023
OpenZeppelin Contracts contains Improper Verification of Cryptographic Signature Moderate
CVE-2023-23940 was published for openzeppelin-cairo-contracts (pip) Feb 2, 2023
Dell Command | Update, Dell Update, and Alienware Update versions prior to 4.7 contain a improper... High Unreviewed
CVE-2022-34459 was published Feb 1, 2023
The Robot application in Ip-label Newtest before v8.5R0 was discovered to use weak signature... Critical Unreviewed
CVE-2022-23334 was published Jan 30, 2023
CRYSTALS-DILITHIUM (in Post-Quantum Cryptography Selected Algorithms 2022) in PQClean d03da30 may... High Unreviewed
CVE-2023-24025 was published Jan 20, 2023
Cargo did not verify SSH host keys Moderate
CVE-2022-46176 was published for cargo (Rust) Jan 10, 2023
go-resolver's DNSSEC validation not performed correctly High
CVE-2022-3347 was published for github.com/peterzen/goresolver (Go) Dec 28, 2022
go-saml's XML Digital Signatures use SHA-1 Moderate
CVE-2020-36563 was published for github.com/RobotsAndPencils/go-saml (Go) Dec 28, 2022
jsonwebtoken vulnerable to signature validation bypass due to insecure default algorithm in jwt.verify() Moderate
CVE-2022-23540 was published for jsonwebtoken (npm) Dec 22, 2022
An unprotected memory-access operation in optee_os in TrustedFirmware Open Portable Trusted... Moderate Unreviewed
CVE-2022-47549 was published Dec 19, 2022
Tendermint light client verification not taking into account chain ID Moderate
CVE-2022-23507 was published for tendermint-light-client (Rust) Dec 14, 2022
hu55a1n1 mzabaluev
plafer
A CWE-347: Improper Verification of Cryptographic Signature vulnerability exists in the... High Unreviewed
CVE-2022-41669 was published Nov 4, 2022
A CWE-347: Improper Verification of Cryptographic Signature vulnerability exists that allows... High Unreviewed
CVE-2022-41666 was published Nov 4, 2022
acryl-datahub missing JWT signature check Critical
CVE-2022-39366 was published for acryl-datahub (pip) Oct 31, 2022
artsploit pwntester
sylwia-budzynska p- Kwstubbs jorgectf
Signature bypass via multiple root elements High
CVE-2022-39300 was published for node-saml (npm) Oct 12, 2022
felixwilhelm
Signature bypass via multiple root elements High
CVE-2022-39299 was published for @node-saml/node-saml (npm) Oct 12, 2022
felixwilhelm
A vulnerability in the software image verification functionality of Cisco IOS XE Software for... Moderate Unreviewed
CVE-2022-20944 was published Oct 11, 2022
An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x... Moderate Unreviewed
CVE-2022-42010 was published Oct 10, 2022
SIF's Digital Signature Hash Algorithms Not Validated Moderate
CVE-2022-39237 was published for github.com/sylabs/sif/v2 (Go) Oct 6, 2022
tri-adam
secp256k1-js implements ECDSA without required r and s validation, leading to signature forgery High
CVE-2022-41340 was published for @lionello/secp256k1-js (npm) Sep 25, 2022
By spoofing the target resolver with responses that have a malformed EdDSA signature, an attacker... High Unreviewed
CVE-2022-38178 was published Sep 22, 2022
By spoofing the target resolver with responses that have a malformed ECDSA signature, an attacker... High Unreviewed
CVE-2022-38177 was published Sep 22, 2022
Cosign bundle can be crafted to successfully verify a blob even if the embedded rekorBundle does not reference the given signature Moderate
CVE-2022-36056 was published for github.com/sigstore/cosign (Go) Sep 16, 2022
codysoyland asraa
haydentherapper
Dendrite signature checks not applied to some retrieved missing events High
CVE-2022-39200 was published for github.com/matrix-org/dendrite (Go) Sep 15, 2022
ProTip! Advisories are also available from the GraphQL API