GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
214 advisories
Multiple vulnerabilities in the fast reload feature of Cisco IOS XE Software running on Cisco...
High
Unreviewed
CVE-2021-1376
was published
May 24, 2022
Lasso all versions prior to 2.7.0 has improper verification of a cryptographic signature.
High
Unreviewed
CVE-2021-28091
was published
May 24, 2022
Improper Verification of Cryptographic Signature vulnerability exists in homeLYnk (Wiser For KNX)...
High
Unreviewed
CVE-2021-22734
was published
May 24, 2022
A flaw was found in libdnf's signature verification functionality in versions before 0.60.1. This...
High
Unreviewed
CVE-2021-3445
was published
May 24, 2022
SOGo 2.x before 2.4.1 and 3.x through 5.x before 5.1.1 does not validate the signatures of any...
High
Unreviewed
CVE-2021-33054
was published
May 24, 2022
Union Pay up to 3.3.12, for iOS mobile apps, contains a CWE-347: Improper Verification of...
High
Unreviewed
CVE-2020-36285
was published
May 24, 2022
Multiple vulnerabilities in the fast reload feature of Cisco IOS XE Software running on Cisco...
High
Unreviewed
CVE-2021-1375
was published
May 24, 2022
Union Pay up to 3.4.93.4.9, for android, contains a CWE-347: Improper Verification of...
High
Unreviewed
CVE-2020-36284
was published
May 24, 2022
A vulnerability in the software image verification functionality of Cisco IOS XE Software for the...
High
Unreviewed
CVE-2021-1453
was published
May 24, 2022
Dr.Web Security Space versions 11 and 12 allow elevation of privilege for local users without...
High
Unreviewed
CVE-2020-23967
was published
May 24, 2022
An unsigned-library issue was discovered in ProlinOS through 2.4.161.8859R. This OS requires...
High
Unreviewed
CVE-2020-28045
was published
May 24, 2022
Inspur NF5266M5 through 3.21.2 and other server M5 devices allow remote code execution via...
High
Unreviewed
CVE-2020-26122
was published
May 24, 2022
Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017...
High
Unreviewed
CVE-2020-24429
was published
May 24, 2022
An issue was discovered in Foxit Reader and PhantomPDF before 4.1 on macOS. Because the Hardened...
High
Unreviewed
CVE-2020-26540
was published
May 24, 2022
NCR SelfServ ATMs running APTRA XFS 05.01.00 do not properly validate software updates for the...
High
Unreviewed
CVE-2020-10126
was published
May 24, 2022
A vulnerability exists that could allow the execution of unauthorized code or operating system...
High
Unreviewed
CVE-2020-9047
was published
May 24, 2022
Unencrypted HTTP communications for firmware upgrades in Petalk AI and PF-103 allow man-in-the...
High
Unreviewed
CVE-2019-16732
was published
May 24, 2022
secp256k1-js implements ECDSA without required r and s validation, leading to signature forgery
High
CVE-2022-41340
was published
for
@lionello/secp256k1-js
(npm)
Sep 25, 2022
By spoofing the target resolver with responses that have a malformed ECDSA signature, an attacker...
High
Unreviewed
CVE-2022-38177
was published
Sep 22, 2022
By spoofing the target resolver with responses that have a malformed EdDSA signature, an attacker...
High
Unreviewed
CVE-2022-38178
was published
Sep 22, 2022
Signature bypass via multiple root elements
High
CVE-2022-39300
was published
for
node-saml
(npm)
Oct 12, 2022
OpenZeppelin Contracts's SignatureChecker may revert on invalid EIP-1271 signers
High
CVE-2022-31172
was published
for
@openzeppelin/contracts
(npm)
Jul 21, 2022
A PKCS#1 v1.5 signature verification routine in all Android releases from CAF using the Linux...
High
Unreviewed
CVE-2014-9934
was published
May 17, 2022
JWS and JWT signature validation vulnerability with special characters
High
CVE-2022-25898
was published
for
jsrsasign
(npm)
Jun 25, 2022
Signature bypass via multiple root elements
High
CVE-2022-39299
was published
for
@node-saml/node-saml
(npm)
Oct 12, 2022