Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

12 advisories

Loading
HTTPS MitM vulnerability due to lack of hostname verification Moderate
CVE-2016-10932 was published for hyper (Rust) Aug 25, 2021
tdunlap607
Failure to properly verify ed25519 signatures in libp2p-core High
CVE-2019-15545 was published for libp2p-core (Rust) Aug 25, 2021
Overflow in libsecp256k1 Critical
CVE-2021-38195 was published for libsecp256k1 (Rust) Aug 25, 2021
Improper verification of signature threshold in tough High
CVE-2020-15093 was published for tough (Rust) Aug 25, 2021
coreos-installer improperly verifies GPG signature when decompressing gzipped artifact High
CVE-2021-20319 was published for coreos-installer (Rust) Oct 12, 2021
raballew bgilbert
Signature forgery in Biscuit Critical
CVE-2022-31053 was published for biscuit-auth (Go) Jun 17, 2022
avivdolev Churro
Tendermint light client verification not taking into account chain ID Moderate
CVE-2022-23507 was published for tendermint-light-client (Rust) Dec 14, 2022
hu55a1n1 mzabaluev
plafer
Cargo did not verify SSH host keys Moderate
CVE-2022-46176 was published for cargo (Rust) Jan 10, 2023
russh may use insecure Diffie-Hellman keys Moderate
CVE-2023-28113 was published for russh (Rust) Mar 17, 2023
Holzhaus lambdafu
NATS TLS certificate common name validation bypass Moderate
GHSA-wvc4-j7g5-4f79 was published for nats (Rust) Mar 27, 2023
AEADs/aes-gcm: Plaintext exposed in decrypt_in_place_detached even on tag verification failure Moderate
CVE-2023-42811 was published for aes-gcm (Rust) Sep 22, 2023
nandita-v
svix vulnerable to Authentication Bypass Moderate
CVE-2024-21491 was published for svix (Rust) Feb 13, 2024
ProTip! Advisories are also available from the GraphQL API