GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
20
Go
2,000
Maven
5,000+
npm
3,711
NuGet
661
pip
3,383
Pub
11
RubyGems
885
Rust
849
Swift
36
Unreviewed advisories
All unreviewed
5,000+
58 advisories
Filter by severity
Laravel Reverb Missing API Signature Verification
High
CVE-2024-50347
was published
for
laravel/reverb
(Composer)
Oct 31, 2024
Agent Dart is missing certificate verification checks
High
CVE-2024-48915
was published
for
agent_dart
(Pub)
Oct 15, 2024
Improper Verification of SAML Responses Leading to Privilege Escalation in Keycloak
High
GHSA-xgfv-xpx8-qhcr
was published
for
org.keycloak:keycloak-saml-core
(Maven)
Oct 14, 2024
Hyperledger Indy's update process of a DID does not check who signs the request
High
CVE-2020-11093
was published
for
indy-node
(pip)
Aug 30, 2024
Signature forgery in Spring Boot's Loader
High
CVE-2024-38807
was published
for
org.springframework.boot:spring-boot-loader
(Maven)
Aug 23, 2024
Authlib has algorithm confusion with asymmetric public keys
High
CVE-2024-37568
was published
for
authlib
(pip)
Jun 9, 2024
Grafana Plugin signature bypass
High
CVE-2022-31123
was published
for
github.com/grafana/grafana
(Go)
May 14, 2024
google-oauth-java-client improperly verifies cryptographic signature
High
CVE-2021-22573
was published
for
com.google.oauth-client:google-oauth-client
(Maven)
Apr 9, 2024
Gentoo Portage missing PGP validation of executed code
High
CVE-2016-20021
was published
for
portage
(pip)
Jan 12, 2024
browserify-sign upper bound check issue in `dsaVerify` leads to a signature forgery attack
High
CVE-2023-46234
was published
for
browserify-sign
(npm)
Oct 26, 2023
free5GC udm vulnerable to Invalid Curve Attack
High
CVE-2023-46324
was published
for
github.com/free5gc/udm
(Go)
Oct 23, 2023
notation-go's verification bypass can cause users to verify the wrong artifact
High
CVE-2023-33959
was published
for
github.com/notaryproject/notation-go
(Go)
Jun 6, 2023
go-resolver's DNSSEC validation not performed correctly
High
CVE-2022-3347
was published
for
github.com/peterzen/goresolver
(Go)
Dec 28, 2022
Signature bypass via multiple root elements
High
CVE-2022-39300
was published
for
node-saml
(npm)
Oct 12, 2022
Signature bypass via multiple root elements
High
CVE-2022-39299
was published
for
@node-saml/node-saml
(npm)
Oct 12, 2022
secp256k1-js implements ECDSA without required r and s validation, leading to signature forgery
High
CVE-2022-41340
was published
for
@lionello/secp256k1-js
(npm)
Sep 25, 2022
Dendrite signature checks not applied to some retrieved missing events
High
CVE-2022-39200
was published
for
github.com/matrix-org/dendrite
(Go)
Sep 15, 2022
cosign's `cosign verify-attestaton --type` can report a false positive if any attestation exists
High
CVE-2022-35929
was published
for
github.com/sigstore/cosign
(Go)
Aug 10, 2022
PolicyController before 0.2.1 may bypass attestation verification
High
CVE-2022-35930
was published
for
github.com/sigstore/policy-controller
(Go)
Aug 10, 2022
OpenZeppelin Contracts's SignatureChecker may revert on invalid EIP-1271 signers
High
CVE-2022-31172
was published
for
@openzeppelin/contracts
(npm)
Jul 21, 2022
JWS and JWT signature validation vulnerability with special characters
High
CVE-2022-25898
was published
for
jsrsasign
(npm)
Jun 25, 2022
Improper Verification of Cryptographic Signature in matrix-synapse
High
CVE-2019-18835
was published
for
matrix-synapse
(pip)
May 24, 2022
Improper Verification of Cryptographic Signature in Apache Netbeans
High
CVE-2019-17561
was published
for
org.codehaus.mevenide:netbeans
(Maven)
May 24, 2022
SimpleGeo python-oauth2 does not check the nonce allowing replay attacks
High
CVE-2013-4346
was published
for
oauth2
(pip)
May 17, 2022
SimpleSAMLphp saml2 incorrect signature validation
High
CVE-2018-7711
was published
for
simplesamlphp/saml2
(Composer)
May 14, 2022
ProTip!
Advisories are also available from the
GraphQL API