Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,693
Erlang
34
GitHub Actions
28
Go
2,283
Maven
5,000+
npm
3,934
NuGet
708
pip
3,702
Pub
12
RubyGems
919
Rust
959
Swift
38
Unreviewed advisories
All unreviewed
5,000+

170 advisories

Loading
Improper verification of signature in FilterProvider prior to SMR Jul-2024 Release 1 allows local... Moderate Unreviewed
CVE-2024-20892 was published Jul 2, 2024
StorageGRID (formerly StorageGRID Webscale) versions prior to 11.7.0.9 and 11.8.0.5 are... Moderate Unreviewed
CVE-2024-21988 was published Jun 15, 2024
Insufficient verification of data authenticity in the installer for Zoom Workplace VDI App for... Moderate Unreviewed
CVE-2024-27244 was published May 15, 2024
TYPO3 vulnerable to an Uncontrolled Resource Consumption in the ShowImageController Moderate
CVE-2024-34358 was published for typo3/cms-core (Composer) May 14, 2024
derhansen bnf
bmack
Improper privilege management in the installer for Zoom Desktop Client for Windows before version... Moderate Unreviewed
CVE-2024-24694 was published Apr 9, 2024
Improper privilege management in the installer for Zoom Desktop Client for macOS before version 5... Moderate Unreviewed
CVE-2024-27247 was published Apr 9, 2024
A flaw was found in osbuild-composer. A condition can be triggered that disables GPG verification... Moderate Unreviewed
CVE-2024-2307 was published Mar 19, 2024
svix vulnerable to Authentication Bypass Moderate
CVE-2024-21491 was published for svix (Rust) Feb 13, 2024
Improper Verification of Cryptographic Signature in aws-encryption-sdk-java Moderate
CVE-2024-23680 was published for com.amazonaws:aws-encryption-sdk-java (Maven) Jan 19, 2024
oscerd
A vulnerability was found in GnuTLS, where a cockpit (which uses gnuTLS) rejects a certificate... Moderate Unreviewed
CVE-2024-0567 was published Jan 16, 2024
A vulnerability exists in the Relion update package signature validation. A tampered update... Moderate Unreviewed
CVE-2022-3864 was published Jan 4, 2024
Some Honor products are affected by signature management vulnerability, successful exploitation... Moderate Unreviewed
CVE-2023-23433 was published Dec 29, 2023
Some Honor products are affected by signature management vulnerability, successful exploitation... Moderate Unreviewed
CVE-2023-23435 was published Dec 29, 2023
yiisoft/yii2-authclient's Oauth2 PKCE implementation is vulnerable Moderate
CVE-2023-50714 was published for yiisoft/yii2-authclient (Composer) Dec 18, 2023
rhertogh
Improper authentication in some Zoom clients before version 5.16.5 may allow an authenticated... Moderate Unreviewed
CVE-2023-49646 was published Dec 14, 2023
Improper signature verification of RadeonTM RX Vega M Graphics driver for Windows may allow an... Moderate Unreviewed
CVE-2023-20567 was published Nov 14, 2023
Improper signature verification of RadeonTM RX Vega M Graphics driver for Windows may allow an... Moderate Unreviewed
CVE-2023-20568 was published Nov 14, 2023
Gitsign's Rekor public keys fetched from upstream API instead of local TUF client. Moderate
CVE-2023-47122 was published for github.com/sigstore/gitsign (Go) Nov 14, 2023
adityasaky
light-oauth2 missing public key verification Moderate
CVE-2023-31580 was published for com.networknt:light-oauth2 (Maven) Oct 25, 2023
An Improper Verification of Cryptographic Signature vulnerability in Zscaler Client Connector on... Moderate Unreviewed
CVE-2023-28804 was published Oct 23, 2023
AEADs/aes-gcm: Plaintext exposed in decrypt_in_place_detached even on tag verification failure Moderate
CVE-2023-42811 was published for aes-gcm (Rust) Sep 22, 2023
nandita-v
Archive spoofing vulnerability in borgbackup Moderate
CVE-2023-36811 was published for borgbackup (pip) Aug 30, 2023
ThomasWaldmann
Cleartext Signed Message Signature Spoofing in openpgp Moderate
CVE-2023-41037 was published for openpgp (npm) Aug 29, 2023
Improper verification of applications' cryptographic signatures in the /e/OS app store client App... Moderate Unreviewed
CVE-2021-43171 was published Aug 22, 2023
@node-saml/node-saml's validatePostRequestAsync does not include checkTimestampsValidityError Moderate
CVE-2023-40178 was published for @node-saml/node-saml (npm) Aug 21, 2023
jindazhao01
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database