Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,706
Erlang
34
GitHub Actions
28
Go
2,292
Maven
5,000+
npm
3,942
NuGet
708
pip
3,711
Pub
12
RubyGems
919
Rust
959
Swift
38
Unreviewed advisories
All unreviewed
5,000+

215 advisories

Loading
Dendrite signature checks not applied to some retrieved missing events High
CVE-2022-39200 was published for github.com/matrix-org/dendrite (Go) Sep 15, 2022
By spoofing the target resolver with responses that have a malformed ECDSA signature, an attacker... High Unreviewed
CVE-2022-38177 was published Sep 22, 2022
By spoofing the target resolver with responses that have a malformed EdDSA signature, an attacker... High Unreviewed
CVE-2022-38178 was published Sep 22, 2022
secp256k1-js implements ECDSA without required r and s validation, leading to signature forgery High
CVE-2022-41340 was published for @lionello/secp256k1-js (npm) Sep 25, 2022
Signature bypass via multiple root elements High
CVE-2022-39299 was published for @node-saml/node-saml (npm) Oct 12, 2022
felixwilhelm
Signature bypass via multiple root elements High
CVE-2022-39300 was published for node-saml (npm) Oct 12, 2022
felixwilhelm
A CWE-347: Improper Verification of Cryptographic Signature vulnerability exists that allows... High Unreviewed
CVE-2022-41666 was published Nov 4, 2022
A CWE-347: Improper Verification of Cryptographic Signature vulnerability exists in the... High Unreviewed
CVE-2022-41669 was published Nov 4, 2022
Insufficient verification of multiple header signatures while loading a Trusted Application (TA)... High Unreviewed
CVE-2021-26391 was published Nov 10, 2022
go-resolver's DNSSEC validation not performed correctly High
CVE-2022-3347 was published for github.com/peterzen/goresolver (Go) Dec 28, 2022
CRYSTALS-DILITHIUM (in Post-Quantum Cryptography Selected Algorithms 2022) in PQClean d03da30 may... High Unreviewed
CVE-2023-24025 was published Jan 20, 2023
Dell Command | Update, Dell Update, and Alienware Update versions prior to 4.7 contain a improper... High Unreviewed
CVE-2022-34459 was published Feb 1, 2023
In the Android operating system, there is a possible way to replace a boot partition due to... High Unreviewed
CVE-2023-20940 was published Feb 28, 2023
DELL ECS prior to 3.8.0.2 contains an improper verification of cryptographic signature... High Unreviewed
CVE-2023-25934 was published May 4, 2023
Local privilege escalation due to unrestricted loading of unsigned libraries. The following... High Unreviewed
CVE-2022-4418 was published May 18, 2023
notation-go's verification bypass can cause users to verify the wrong artifact High
CVE-2023-33959 was published for github.com/notaryproject/notation-go (Go) Jun 6, 2023
AdamKorcz shizhMSFT
priteshbandi
Improper privilege management in Zoom for Windows, Zoom Rooms for Windows, and Zoom VDI for... High Unreviewed
CVE-2023-34120 was published Jun 13, 2023
Zoom for Windows clients prior to 5.13.5 contain an improper verification of cryptographic... High Unreviewed
CVE-2023-28602 was published Jun 13, 2023
Dell PowerStore versions prior to 3.5 contain an improper verification of cryptographic... High Unreviewed
CVE-2023-32449 was published Jun 22, 2023
The BIG-IP Edge Client Installer on macOS does not follow best practices for elevating... High Unreviewed
CVE-2023-38418 was published Aug 2, 2023
Improper privilege management in Zoom Desktop Client for Windows and Zoom Rooms for Windows... High Unreviewed
CVE-2023-39211 was published Aug 9, 2023
Vulnerability of insecure signatures in the ServiceWifiResources module. Successful exploitation... High Unreviewed
CVE-2023-39393 was published Aug 13, 2023
Vulnerability of insecure signatures in the OsuLogin module. Successful exploitation of this... High Unreviewed
CVE-2023-39392 was published Aug 13, 2023
Motorola EBTS/MBTS Base Radio fails to check firmware authenticity. The Motorola MBTS Base Radio... High Unreviewed
CVE-2023-23773 was published Aug 29, 2023
Motorola MBTS Site Controller fails to check firmware update authenticity. The Motorola MBTS Site... High Unreviewed
CVE-2023-23772 was published Aug 29, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database