Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,693
Erlang
34
GitHub Actions
28
Go
2,283
Maven
5,000+
npm
3,934
NuGet
708
pip
3,702
Pub
12
RubyGems
919
Rust
959
Swift
38
Unreviewed advisories
All unreviewed
5,000+

470 advisories

Loading
Windows Enroll Engine Security Feature Bypass Vulnerability High Unreviewed
CVE-2024-38069 was published Jul 9, 2024
A firmware update vulnerability exists in the boa formUpload functionality of Realtek rtl819x... High Unreviewed
CVE-2023-34435 was published Jul 8, 2024
A vulnerability was found in GnuTLS, where a cockpit (which uses gnuTLS) rejects a certificate... Moderate Unreviewed
CVE-2024-0567 was published Jan 16, 2024
xml-crypto vulnerable to XML signature verification bypass due improper verification of signature/signature spoofing Critical
CVE-2024-32962 was published for xml-crypto (npm) May 1, 2024
Improper verification of signature in FilterProvider prior to SMR Jul-2024 Release 1 allows local... Moderate Unreviewed
CVE-2024-20892 was published Jul 2, 2024
Improper verification of cryptographic signature issue exists in "FreeFrom - the nostr client"... Critical Unreviewed
CVE-2024-36277 was published Jun 17, 2024
IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to identity spoofing by an... High Unreviewed
CVE-2024-37532 was published Jun 20, 2024
Microsoft Edge (Chromium-based) Spoofing Vulnerability Low Unreviewed
CVE-2024-21383 was published Jan 26, 2024
Denial of Service in TenderMint Moderate
CVE-2020-15091 was published for github.com/tendermint/tendermint (Go) Dec 20, 2021
ebuchman melekes
titon/framework vulnerable to Remote Code Execution via Chosen-Ciphertext Attack Critical
GHSA-q3jm-v27q-jfww was published for titon/framework (Composer) May 30, 2024
A flaw was found in osbuild-composer. A condition can be triggered that disables GPG verification... Moderate Unreviewed
CVE-2024-2307 was published Mar 19, 2024
Improper Verification of Cryptographic Signature vulnerability in HYPR Passwordless on Windows... Unknown Unreviewed
CVE-2024-1721 was published May 21, 2024
Cosign bundle can be crafted to successfully verify a blob even if the embedded rekorBundle does not reference the given signature Moderate
CVE-2022-36056 was published for github.com/sigstore/cosign (Go) Sep 16, 2022
codysoyland asraa
haydentherapper
go-saml's XML Digital Signatures use SHA-1 Moderate
CVE-2020-36563 was published for github.com/RobotsAndPencils/go-saml (Go) Dec 28, 2022
TYPO3 vulnerable to an Uncontrolled Resource Consumption in the ShowImageController Moderate
CVE-2024-34358 was published for typo3/cms-core (Composer) May 14, 2024
derhansen bnf
bmack
Parallels Desktop Updater Improper Verification of Cryptographic Signature Local Privilege... High Unreviewed
CVE-2023-50228 was published May 3, 2024
A fallback mechanism in code sign checking on macOS may allow arbitrary code execution. This... High Unreviewed
CVE-2024-23480 was published May 1, 2024
SimpleSAMLphp Improper Verification of Cryptographic Signature High
CVE-2018-7644 was published for simplesamlphp/saml2 (Composer) May 13, 2022
SimpleSAMLphp Signature validation bypass High
CVE-2017-18122 was published for simplesamlphp/simplesamlphp (Composer) May 14, 2022
Improper Verification of Cryptographic Signature in org.apache.httpcomponents:httpclient Moderate
CVE-2014-3577 was published for org.apache.httpcomponents:httpclient (Maven) Oct 17, 2018
MarkLee131
There is a digital signature verification bypass vulnerability in AR1200, AR1200-S, AR150, AR160,... Moderate Unreviewed
CVE-2019-5300 was published May 24, 2022
A flaw during verification of certain S/MIME signatures causes emails to be shown in Thunderbird... Moderate Unreviewed
CVE-2018-18509 was published May 24, 2022
The signature verification routine in install.sh in yarnpkg/website through 2018-06-05 only... Moderate Unreviewed
CVE-2018-12556 was published May 24, 2022
An Improper Verification of Cryptographic Signature vulnerability in Zscaler Client Connector on... Moderate Unreviewed
CVE-2023-28804 was published Oct 23, 2023
A vulnerability in software image verification in Cisco IOS XE Software could allow an... High Unreviewed
CVE-2020-3209 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database