GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
214 advisories
The App::cpanminus package 1.7044 for Perl allows Signature Verification Bypass.
High | Unreviewed | CVE-2020-16154 was published Feb 10, 2022
CPAN 2.28 allows Signature Verification Bypass.
High | Unreviewed | CVE-2020-16156 was published Dec 14, 2021
coreos-installer improperly verifies GPG signature when decompressing gzipped artifact
High | CVE-2021-20319 was published for coreos-installer (Rust) Oct 12, 2021
Duo Network Gateway 1.2.9 and earlier may incorrectly utilize the results of XML DOM traversal...
High | Unreviewed | CVE-2018-7340 was published May 13, 2022
Signature wrapping vulnerability in Spring Security
High | CVE-2020-5407 was published for org.springframework.security:spring-security-core (Maven) Jun 5, 2020
An exploitable vulnerability exists in the verified boot protection of the Das U-Boot from...
High | Unreviewed | CVE-2018-3968 was published May 13, 2022
The Zoom Client for Meetings for MacOS (Standard and for IT Admin) before version 5.11.3 contains...
High | Unreviewed | CVE-2022-28751 was published Aug 18, 2022
Dell Command Update, Dell Update, and Alienware Update versions prior to 4.3 contain an Improper...
High | Unreviewed | CVE-2021-36277 was published May 24, 2022
ECDSA signature validation vulnerability by accepting wrong ASN.1 encoding in jsrsasign
High | CVE-2020-14966 was published for jsrsasign (npm) Jun 26, 2020
The Zoom Client for Meetings for Windows installer before version 5.5.4 does not properly verify...
High | Unreviewed | CVE-2021-34420 was published May 24, 2022
There is a signature management vulnerability in some Huawei products. An attacker can forge...
High | Unreviewed | CVE-2021-37127 was published May 24, 2022
The tested version of Dominion Voting Systems ImageCast X does not validate application...
High | Unreviewed | CVE-2022-1739 was published Jun 25, 2022
It is possible for an attacker to manipulate documents to appear to be signed by a trusted source...
High | Unreviewed | CVE-2021-41832 was published May 24, 2022
It is possible for an attacker to manipulate signed documents and macros to appear to come from a...
High | Unreviewed | CVE-2021-41830 was published May 24, 2022
An issue in code signature validation was addressed with improved checks. This issue is fixed in...
High | Unreviewed | CVE-2021-1849 was published May 24, 2022
Multiple vulnerabilities in image verification checks of Cisco Network Convergence System (NCS)...
High | Unreviewed | CVE-2021-34708 was published May 24, 2022
An improper verification of cryptographic signature vulnerability exists in Cortex XSOAR SAML...
High | Unreviewed | CVE-2021-3051 was published May 24, 2022
In Eclipse Californium version 2.0.0 to 2.6.4 and 3.0.0-M1 to 3.0.0-M3, the certificate based ...
High | Unreviewed | CVE-2021-34433 was published May 24, 2022
A vulnerability in the image verification function of Cisco Expressway Series and Cisco...
High | Unreviewed | CVE-2021-34715 was published May 24, 2022
cosign's `cosign verify-attestation --type` can report a false positive if any attestation exists
High | CVE-2022-35929 was published for github.com/sigstore/cosign (Go) Aug 10, 2022
PolicyController before 0.2.1 may bypass attestation verification
High | CVE-2022-35930 was published for github.com/sigstore/policy-controller (Go) Aug 10, 2022
A CWE-347: Improper Verification of Cryptographic Signature vulnerability exists in EVlink City ...
High | Unreviewed | CVE-2021-22708 was published May 24, 2022
Improper Verification of Cryptographic Signature vulnerability exists in homeLYnk (Wiser For KNX)...
High | Unreviewed | CVE-2021-22735 was published May 24, 2022
A CWE-347: Improper Verification of Cryptographic Signature vulnerability exists in the...
High | Unreviewed | CVE-2022-41669 was published Nov 4, 2022
An issue was discovered in Hitachi ID Bravura Security Fabric 11.0.0 through 11.1.3, 12.0.0...
High | Unreviewed | CVE-2021-3196 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API.