Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,238
Erlang
31
GitHub Actions
21
Go
2,005
Maven
5,000+
npm
3,716
NuGet
661
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+

415 advisories

Loading
Improper Verification of Cryptographic Signature in golang.org/x/crypto High
CVE-2020-9283 was published for golang.org/x/crypto (Go) May 18, 2021
BLS Signature "Malleability" Moderate
CVE-2021-21405 was published for github.com/filecoin-project/lotus (Go) May 21, 2021
github.com/russellhaering/goxmldsig vulnerable to Signature Validation Bypass Moderate
CVE-2020-15216 was published for github.com/russellhaering/goxmldsig (Go) May 24, 2021
jupenur
Signature Validation Bypass Critical
GHSA-rrfw-hg9m-j47h was published for github.com/russellhaering/goxmldsig (Go) May 24, 2021
jupenur russellhaering
Signature Validation Bypass Critical
GHSA-5684-g483-2249 was published for github.com/russellhaering/gosaml2 (Go) May 24, 2021
jupenur
Improper Verification of Cryptographic Signature in aws-encryption-sdk-java Moderate
GHSA-55xh-53m6-936r was published for com.amazonaws:aws-encryption-sdk-java (Maven) Jun 1, 2021
Improper Verification of Cryptographic Signature in aws-encryption-sdk Moderate
GHSA-x5h4-9gqw-942j was published for aws-encryption-sdk (pip) Jun 1, 2021
Improper Verification of Cryptographic Signature in aws-encryption-sdk-cli Moderate
GHSA-89v2-g37m-g3ff was published for aws-encryption-sdk-cli (pip) Jun 1, 2021
Improper Verification of Cryptographic Signature in aws-encryption-sdk-javascript Moderate
GHSA-h45p-w933-jxh3 was published for @aws-crypto/client-browser (npm) Jun 1, 2021
Improper Verification of Cryptographic Signature in Apache Pulsar in TensorFlow Critical
CVE-2021-22160 was published for org.apache.pulsar:pulsar (Maven) Jun 1, 2021
Improper Verification of Cryptographic Signature Critical
CVE-2021-32685 was published for tenvoy (npm) Jun 21, 2021
Improper Verification of Cryptographic Signature Critical
GHSA-7r96-8g3x-g36m was published for tenvoy (npm) Jun 28, 2021
Utils.readChallengeTx does not verify the server account signature Moderate
CVE-2021-32738 was published for stellar-sdk (npm) Jul 2, 2021
leighmcculloch
HTTPS MitM vulnerability due to lack of hostname verification Moderate
CVE-2016-10932 was published for hyper (Rust) Aug 25, 2021
tdunlap607
Failure to properly verify ed25519 signatures in libp2p-core High
CVE-2019-15545 was published for libp2p-core (Rust) Aug 25, 2021
Overflow in libsecp256k1 Critical
CVE-2021-38195 was published for libsecp256k1 (Rust) Aug 25, 2021
Improper verification of signature threshold in tough High
CVE-2020-15093 was published for tough (Rust) Aug 25, 2021
Inadequate Encryption Strength in showdoc Moderate
CVE-2021-3680 was published for showdoc/showdoc (Composer) Sep 1, 2021
coreos-installer improperly verifies GPG signature when decompressing gzipped artifact High
CVE-2021-20319 was published for coreos-installer (Rust) Oct 12, 2021
raballew bgilbert
Improper Verification of Cryptographic Signature in fastecdsa High
CVE-2020-12607 was published for fastecdsa (pip) Oct 12, 2021
Signature verification vulnerability in Stark Bank ecdsa libraries High
GHSA-9wx7-jrvc-28mm was published for com.starkbank:ecdsa-java (Maven) Nov 8, 2021
tdunlap607
Improper Verification of Cryptographic Signature in starkbank-ecdsa Critical
CVE-2021-43572 was published for starkbank-ecdsa (pip) Nov 10, 2021
Improper Verification of Cryptographic Signature in starkbank-ecdsa Critical
CVE-2021-43570 was published for com.starkbank:starkbank-ecdsa (Maven) Nov 10, 2021
tdunlap607
Improper Verification of Cryptographic Signature in starkbank-ecdsa Critical
CVE-2021-43569 was published for starkbank-ecdsa (NuGet) Nov 10, 2021
Improper Verification of Cryptographic Signature in starkbank-ecdsa Critical
CVE-2021-43571 was published for starkbank-ecdsa (npm) Nov 10, 2021
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database