GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
20
Go
2,000
Maven
5,000+
npm
3,711
NuGet
661
pip
3,383
Pub
11
RubyGems
885
Rust
849
Swift
36
Unreviewed advisories
All unreviewed
5,000+
412 advisories
Filter by severity
Improper Verification of Cryptographic Signature
Critical
GHSA-7r96-8g3x-g36m
was published
for
tenvoy
(npm)
Jun 28, 2021
Improper Verification of Cryptographic Signature
Critical
CVE-2021-32685
was published
for
tenvoy
(npm)
Jun 21, 2021
Improper Verification of Cryptographic Signature in Apache Pulsar in TensorFlow
Critical
CVE-2021-22160
was published
for
org.apache.pulsar:pulsar
(Maven)
Jun 1, 2021
Improper Verification of Cryptographic Signature in aws-encryption-sdk-javascript
Moderate
GHSA-h45p-w933-jxh3
was published
for
@aws-crypto/client-browser
(npm)
Jun 1, 2021
Improper Verification of Cryptographic Signature in aws-encryption-sdk-cli
Moderate
GHSA-89v2-g37m-g3ff
was published
for
aws-encryption-sdk-cli
(pip)
Jun 1, 2021
Improper Verification of Cryptographic Signature in aws-encryption-sdk
Moderate
GHSA-x5h4-9gqw-942j
was published
for
aws-encryption-sdk
(pip)
Jun 1, 2021
Improper Verification of Cryptographic Signature in aws-encryption-sdk-java
Moderate
GHSA-55xh-53m6-936r
was published
for
com.amazonaws:aws-encryption-sdk-java
(Maven)
Jun 1, 2021
Signature Validation Bypass
Critical
GHSA-5684-g483-2249
was published
for
github.com/russellhaering/gosaml2
(Go)
May 24, 2021
Signature Validation Bypass
Critical
GHSA-rrfw-hg9m-j47h
was published
for
github.com/russellhaering/goxmldsig
(Go)
May 24, 2021
github.com/russellhaering/goxmldsig vulnerable to Signature Validation Bypass
Moderate
CVE-2020-15216
was published
for
github.com/russellhaering/goxmldsig
(Go)
May 24, 2021
BLS Signature "Malleability"
Moderate
CVE-2021-21405
was published
for
github.com/filecoin-project/lotus
(Go)
May 21, 2021
Improper Verification of Cryptographic Signature in golang.org/x/crypto
High
CVE-2020-9283
was published
for
golang.org/x/crypto
(Go)
May 18, 2021
Improper Verification of Cryptographic Signature in ansible
Moderate
CVE-2020-14365
was published
for
ansible
(pip)
Apr 20, 2021
Missing validation of JWT signature in `ManyDesigns/Portofino`
Critical
CVE-2021-29451
was published
for
com.manydesigns:portofino-core
(Maven)
Apr 19, 2021
RSA signature validation vulnerability on maleable encoded message in jsrsasign
Critical
CVE-2021-30246
was published
for
jsrsasign
(npm)
Apr 16, 2021
Improper Certificate Validation in phpseclib
High
CVE-2021-30130
was published
for
phpseclib/phpseclib
(Composer)
Apr 7, 2021
Improper Verification of Cryptographic Signature in PySAML2
Moderate
CVE-2021-21239
was published
for
pysaml2
(pip)
Jan 21, 2021
SAML XML Signature wrapping in PySAML2
Moderate
CVE-2021-21238
was published
for
pysaml2
(pip)
Jan 21, 2021
Signature validation bypass in ServiceStack
Moderate
CVE-2020-28042
was published
for
ServiceStack
(NuGet)
Jan 13, 2021
Multiple cryptographic issues in Python oic
High
CVE-2020-26244
was published
for
oic
(pip)
Dec 4, 2020
Regression in JWT Signature Validation
High
CVE-2020-15240
was published
for
omniauth-auth0
(RubyGems)
Nov 3, 2020
Incorrect threshold signature computation in TUF
Critical
CVE-2020-6174
was published
for
tuf
(pip)
Aug 21, 2020
ECDSA signature validation vulnerability by accepting wrong ASN.1 encoding in jsrsasign
High
CVE-2020-14966
was published
for
jsrsasign
(npm)
Jun 26, 2020
Signature wrapping vulnerability in Spring Security
High
CVE-2020-5407
was published
for
org.springframework.security:spring-security-core
(Maven)
Jun 5, 2020
Improper Verification of Cryptographic Signature in PySAML2
High
CVE-2020-5390
was published
for
pysaml2
(pip)
May 6, 2020
ProTip!
Advisories are also available from the
GraphQL API