Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

147 advisories

Loading
STMicroelectronics STSAFE-J 1.1.4, J-SAFE3 1.2.5, and J-SIGN sometimes allow attackers to obtain... Moderate Unreviewed
CVE-2021-43392 was published Mar 5, 2022
Missing server signature validation in OctoberCMS Moderate
CVE-2022-23655 was published for october/system (Composer) Feb 24, 2022
There is a vulnerability of signature verification mechanism failure in system upgrade through... Moderate Unreviewed
CVE-2021-40045 was published Feb 11, 2022
Signatures are mistakenly recognized to be valid in jsrsasign Moderate
GHSA-h87q-g2wp-47pj was published for jsrsasign (npm) Feb 9, 2022
Trendnet AC2600 TEW-827DRU version 2.08B01 contains an improper access control configuration that... Moderate Unreviewed
CVE-2021-20156 was published Dec 31, 2021
Signature verification failure in Tendermint Moderate
GHSA-f3w5-v9xx-rp8p was published for github.com/tendermint/tendermint (Go) Dec 20, 2021
milosevic josef-widder
Denial of Service in TenderMint Moderate
CVE-2020-15091 was published for github.com/tendermint/tendermint (Go) Dec 20, 2021
ebuchman melekes
Inadequate Encryption Strength in showdoc Moderate
CVE-2021-3680 was published for showdoc/showdoc (Composer) Sep 1, 2021
HTTPS MitM vulnerability due to lack of hostname verification Moderate
CVE-2016-10932 was published for hyper (Rust) Aug 25, 2021
tdunlap607
Utils.readChallengeTx does not verify the server account signature Moderate
CVE-2021-32738 was published for stellar-sdk (npm) Jul 2, 2021
leighmcculloch
Improper Verification of Cryptographic Signature in aws-encryption-sdk-javascript Moderate
GHSA-h45p-w933-jxh3 was published for @aws-crypto/client-browser (npm) Jun 1, 2021
Improper Verification of Cryptographic Signature in aws-encryption-sdk-cli Moderate
GHSA-89v2-g37m-g3ff was published for aws-encryption-sdk-cli (pip) Jun 1, 2021
Improper Verification of Cryptographic Signature in aws-encryption-sdk Moderate
GHSA-x5h4-9gqw-942j was published for aws-encryption-sdk (pip) Jun 1, 2021
Improper Verification of Cryptographic Signature in aws-encryption-sdk-java Moderate
GHSA-55xh-53m6-936r was published for com.amazonaws:aws-encryption-sdk-java (Maven) Jun 1, 2021
github.com/russellhaering/goxmldsig vulnerable to Signature Validation Bypass Moderate
CVE-2020-15216 was published for github.com/russellhaering/goxmldsig (Go) May 24, 2021
jupenur
BLS Signature "Malleability" Moderate
CVE-2021-21405 was published for github.com/filecoin-project/lotus (Go) May 21, 2021
Improper Verification of Cryptographic Signature in PySAML2 Moderate
CVE-2021-21239 was published for pysaml2 (pip) Jan 21, 2021
bawolff
Signature validation bypass in ServiceStack Moderate
CVE-2020-28042 was published for ServiceStack (NuGet) Jan 13, 2021
Multiple cryptographic issues in Python oic Moderate
CVE-2020-26244 was published for oic (pip) Dec 4, 2020
F3r0C17Y mladevbb
CheariX
Improper Verification of Cryptographic Signature in keycloak Moderate
CVE-2019-10201 was published for org.keycloak:keycloak-core (Maven) Sep 23, 2019
Improper Verification of Cryptographic Signature in org.apache.httpcomponents:httpclient Moderate
CVE-2014-3577 was published for org.apache.httpcomponents:httpclient (Maven) Oct 17, 2018
MarkLee131
Json-jwt did not verify the cryptographic signature for data Moderate
CVE-2018-1000539 was published for json-jwt (RubyGems) Jul 31, 2018
tdunlap607
ProTip! Advisories are also available from the GraphQL API