Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,716
Erlang
35
GitHub Actions
29
Go
2,304
Maven
5,000+
npm
3,946
NuGet
711
pip
3,719
Pub
12
RubyGems
920
Rust
964
Swift
38
Unreviewed advisories
All unreviewed
5,000+

473 advisories

Loading
STMicroelectronics STSAFE-J 1.1.4, J-SAFE3 1.2.5, and J-SIGN sometimes allow attackers to abuse... Moderate Unreviewed
CVE-2021-43393 was published Mar 5, 2022
Overflow in libsecp256k1 Critical
CVE-2021-38195 was published for libsecp256k1 (Rust) Aug 25, 2021
Improper verification of signature threshold in tough High
CVE-2020-15093 was published for tough (Rust) Aug 25, 2021
A CWE-347: Improper Verification of Cryptographic Signature vulnerability exists that allows... High Unreviewed
CVE-2022-41666 was published Nov 4, 2022
There is a vulnerability of signature verification mechanism failure in system upgrade through... Moderate Unreviewed
CVE-2021-40045 was published Feb 11, 2022
Local privilege escalation due to unrestricted loading of unsigned libraries. The following... High Unreviewed
CVE-2022-24115 was published Feb 11, 2022
Trendnet AC2600 TEW-827DRU version 2.08B01 contains an improper access control configuration that... Moderate Unreviewed
CVE-2021-20156 was published Dec 31, 2021
FusionSphere OpenStack V100R006C00SPC102(NFV)has an improper verification of cryptographic... Moderate Unreviewed
CVE-2017-8190 was published May 17, 2022
A vulnerability in Cisco NX-OS System Software could allow an authenticated, local attacker to... Moderate Unreviewed
CVE-2017-12333 was published May 17, 2022
A vulnerability in Cisco NX-OS System Software could allow an authenticated, local attacker to... High Unreviewed
CVE-2017-12331 was published May 17, 2022
Huawei APP HiWallet earlier than 5.0.3.100 versions do not support signature verification for APK... Moderate Unreviewed
CVE-2017-8177 was published May 17, 2022
A vulnerability has been identified in SIMATIC S7-400 (incl. F) V6 and below (All versions),... High Unreviewed
CVE-2018-16557 was published May 13, 2022
Dendrite signature checks not applied to some retrieved missing events High
CVE-2022-39200 was published for github.com/matrix-org/dendrite (Go) Sep 15, 2022
Shibboleth XMLTooling-C before 1.6.3, as used in Shibboleth Service Provider before 2.6.0 on... Moderate Unreviewed
CVE-2018-0486 was published May 14, 2022
Improper Verification of Cryptographic Signature in Apache Netbeans High
CVE-2019-17561 was published for org.codehaus.mevenide:netbeans (Maven) May 24, 2022
Shibboleth XMLTooling-C before 1.6.4, as used in Shibboleth Service Provider before 2.6.1.4 on... Moderate Unreviewed
CVE-2018-0489 was published May 14, 2022
Hyperledger Iroha versions v1.0_beta and v1.0.0_beta-1 are vulnerable to transaction and block... High Unreviewed
CVE-2018-3756 was published May 14, 2022
In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Automobile, Snapdragon... Critical Unreviewed
CVE-2017-18146 was published May 14, 2022
An issue was discovered in Carbon Black Cb Response. A maliciously crafted Universal/fat binary... Moderate Unreviewed
CVE-2018-10407 was published May 14, 2022
In sig_verify() in x509.c in axTLS version 2.1.3 and before, the PKCS#1 v1.5 signature... Moderate Unreviewed
CVE-2018-16150 was published May 14, 2022
In sig_verify() in x509.c in axTLS version 2.1.3 and before, the PKCS#1 v1.5 signature... Moderate Unreviewed
CVE-2018-16253 was published May 14, 2022
The mirror:// method implementation in Advanced Package Tool (APT) 1.6.x before 1.6.4 and 1.7.x... Moderate Unreviewed
CVE-2018-0501 was published May 14, 2022
In verify_signed_hash() in lib/liboswkeys/signatures.c in Openswan before 2.6.50.1, the RSA... High Unreviewed
CVE-2018-15836 was published May 14, 2022
The installer for BitDefender GravityZone relies on an encoded string in a filename to determine... Critical Unreviewed
CVE-2018-8955 was published May 14, 2022
In sig_verify() in x509.c in axTLS version 2.1.3 and before, the PKCS#1 v1.5 signature... Moderate Unreviewed
CVE-2018-16149 was published May 14, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database