Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

48 advisories

Loading
Keycloak SAML signature validation flaw Moderate
CVE-2024-8698 was published for org.keycloak:keycloak-saml-core (Maven) Sep 19, 2024
Improper Verification of Cryptographic Signature in ansible Moderate
CVE-2020-14365 was published for ansible (pip) Apr 20, 2021
Python RSA allows attackers to spoof signatures Moderate
CVE-2016-1494 was published for rsa (pip) May 14, 2022
svix vulnerable to Authentication Bypass Moderate
CVE-2024-21491 was published for svix (Rust) Feb 13, 2024
SAML XML Signature wrapping in PySAML2 Moderate
CVE-2021-21238 was published for pysaml2 (pip) Jan 21, 2021
VictorSG
Improper Verification of Cryptographic Signature in PySAML2 Moderate
CVE-2021-21239 was published for pysaml2 (pip) Jan 21, 2021
bawolff
OpenZeppelin Contracts contains Improper Verification of Cryptographic Signature Moderate
CVE-2023-23940 was published for openzeppelin-cairo-contracts (pip) Feb 2, 2023
OpenStack Keystone does not check signature TTL of the EC2 credential auth method Moderate
CVE-2020-12692 was published for keystone (pip) May 24, 2022
Archive spoofing vulnerability in borgbackup Moderate
CVE-2023-36811 was published for borgbackup (pip) Aug 30, 2023
ThomasWaldmann
whatsapp-api-js fails to validate message's signature Moderate
CVE-2024-45607 was published for whatsapp-api-js (npm) Sep 12, 2024
Improper Verification of Cryptographic Signature in aws-encryption-sdk-java Moderate
CVE-2024-23680 was published for com.amazonaws:aws-encryption-sdk-java (Maven) Jan 19, 2024
oscerd
Adyen APIs Library for Python timing attack vulnerability Moderate
GHSA-f3q4-ggfp-jv34 was published for Adyen (pip) Aug 30, 2024
jsonwebtoken vulnerable to signature validation bypass due to insecure default algorithm in jwt.verify() Moderate
CVE-2022-23540 was published for jsonwebtoken (npm) Dec 22, 2022
Denial of Service in TenderMint Moderate
CVE-2020-15091 was published for github.com/tendermint/tendermint (Go) Dec 20, 2021
ebuchman melekes
go-saml's XML Digital Signatures use SHA-1 Moderate
CVE-2020-36563 was published for github.com/RobotsAndPencils/go-saml (Go) Dec 28, 2022
TYPO3 vulnerable to an Uncontrolled Resource Consumption in the ShowImageController Moderate
CVE-2024-34358 was published for typo3/cms-core (Composer) May 14, 2024
derhansen bnf
bmack
Improper Verification of Cryptographic Signature in org.apache.httpcomponents:httpclient Moderate
CVE-2014-3577 was published for org.apache.httpcomponents:httpclient (Maven) Oct 17, 2018
MarkLee131
AEADs/aes-gcm: Plaintext exposed in decrypt_in_place_detached even on tag verification failure Moderate
CVE-2023-42811 was published for aes-gcm (Rust) Sep 22, 2023
nandita-v
yiisoft/yii2-authclient's Oauth2 PKCE implementation is vulnerable Moderate
CVE-2023-50714 was published for yiisoft/yii2-authclient (Composer) Dec 18, 2023
rhertogh
Missing SSH host key validation in Mac Plugin Moderate
CVE-2020-2146 was published for fr.edf.jenkins.plugins:mac (Maven) May 24, 2022
NotMyFault
Gitsign's Rekor public keys fetched from upstream API instead of local TUF client. Moderate
CVE-2023-47122 was published for github.com/sigstore/gitsign (Go) Nov 14, 2023
adityasaky
light-oauth2 missing public key verification Moderate
CVE-2023-31580 was published for com.networknt:light-oauth2 (Maven) Oct 25, 2023
NATS TLS certificate common name validation bypass Moderate
GHSA-wvc4-j7g5-4f79 was published for nats (Rust) Mar 27, 2023
Cargo did not verify SSH host keys Moderate
CVE-2022-46176 was published for cargo (Rust) Jan 10, 2023
ProTip! Advisories are also available from the GraphQL API