Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,693
Erlang
34
GitHub Actions
28
Go
2,283
Maven
5,000+
npm
3,934
NuGet
708
pip
3,702
Pub
12
RubyGems
919
Rust
959
Swift
38
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

310 advisories

Loading
Improper Verification of Cryptographic Signature vulnerability in LibreOffice allows PDF... Low Unreviewed
CVE-2025-2866 was published Apr 27, 2025
A vulnerability in Cisco IOS Software for Cisco Catalyst 2960X, 2960XR, 2960CX, and 3560CX Series... Moderate Unreviewed
CVE-2025-20181 was published May 7, 2025
Insufficient verification of multiple header signatures while loading a Trusted Application (TA)... High Unreviewed
CVE-2021-26391 was published Nov 10, 2022
Improper verification of cryptographic signature in Microsoft Azure Functions allows an... High Unreviewed
CVE-2025-33074 was published Apr 30, 2025
CarlinKit CPC200-CCPA update.cgi Improper Verification of Cryptographic Signature Code Execution... High Unreviewed
CVE-2025-2764 was published Apr 23, 2025
CarlinKit CPC200-CCPA Improper Verification of Cryptographic Signature Code Execution... Moderate Unreviewed
CVE-2025-2763 was published Apr 23, 2025
An issue in code signature validation was addressed with improved checks. This issue is fixed in... Moderate Unreviewed
CVE-2022-42793 was published Nov 2, 2022
An issue was discovered in Enigmail before 1.9.9. In a variant of CVE-2017-17847, signature... High Unreviewed
CVE-2017-17848 was published May 14, 2022
An issue was discovered in Enigmail before 1.9.9. Signature spoofing is possible because the UI... High Unreviewed
CVE-2017-17847 was published May 14, 2022
The DynamicMetadataProvider class in saml/saml2/metadata/impl/DynamicMetadataProvider.cpp in... High Unreviewed
CVE-2017-16853 was published May 14, 2022
shibsp/metadata/DynamicMetadataProvider.cpp in the Dynamic MetadataProvider plugin in Shibboleth... High Unreviewed
CVE-2017-16852 was published May 14, 2022
The auto-update feature of Open Embedded Linux Entertainment Center (OpenELEC) 6.0.3, 7.0.1, and... High Unreviewed
CVE-2017-6445 was published May 13, 2022
Improper verification of cryptographic signature vulnerability in Intel Security VirusScan... Moderate Unreviewed
CVE-2016-8021 was published May 17, 2022
NSSCryptoSignBackend.cc in Poppler before 25.04.0 does not verify the adbe.pkcs7.sha1 signatures... Moderate Unreviewed
CVE-2025-43903 was published Apr 18, 2025
A vulnerability in the web-based management interface of Cisco Secure Network Analytics could... Moderate Unreviewed
CVE-2025-20178 was published Apr 16, 2025
MSI Center before 2.0.52.0 has Missing PE Signature Validation. High Unreviewed
CVE-2025-27813 was published Apr 10, 2025
The OpenSAML C++ library before 3.3.1 allows forging of signed SAML messages via parameter... Moderate Unreviewed
CVE-2025-31335 was published Mar 28, 2025
Western Digital My Cloud devices before OS5 do not use cryptographically signed Firmware upgrade... Critical Unreviewed
CVE-2021-36226 was published Feb 6, 2023
Vulnerability of package name verification being bypassed in the HwIms module. Impact: Successful... Critical Unreviewed
CVE-2023-52538 was published Apr 8, 2024
The firmware upgrade function in the admin web interface of the Rittal IoT Interface & CMC III... Critical Unreviewed
CVE-2024-47943 was published Oct 15, 2024
In the CryptX module before 0.062 for Perl, gcm_decrypt_verify() and... Critical Unreviewed
CVE-2018-25099 was published Mar 18, 2024
An issue was discovered in filestash v0.4. The usage of the ssh.InsecureIgnoreHostKey() disables... Moderate Unreviewed
CVE-2024-41258 was published Jul 31, 2024
A vulnerability in the boot process of Cisco IOS XR Software could allow an authenticated, local... Moderate Unreviewed
CVE-2025-20143 was published Mar 12, 2025
Samsung SmartThings Improper Verification of Cryptographic Signature Authentication Bypass... High Unreviewed
CVE-2025-2233 was published Mar 12, 2025
VMware Tools contains a SAML token signature bypass vulnerability. A malicious actor that has... High Unreviewed
CVE-2023-34058 was published Oct 27, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database