Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

429 advisories

Loading
Signature Validation Bypass Critical
GHSA-rrfw-hg9m-j47h was published for github.com/russellhaering/goxmldsig (Go) May 24, 2021
jupenur russellhaering
github.com/russellhaering/goxmldsig vulnerable to Signature Validation Bypass Moderate
CVE-2020-15216 was published for github.com/russellhaering/goxmldsig (Go) May 24, 2021
jupenur
BLS Signature "Malleability" Moderate
CVE-2021-21405 was published for github.com/filecoin-project/lotus (Go) May 21, 2021
Improper Verification of Cryptographic Signature in golang.org/x/crypto High
CVE-2020-9283 was published for golang.org/x/crypto (Go) May 18, 2021
Improper Verification of Cryptographic Signature in ansible Moderate
CVE-2020-14365 was published for ansible (pip) Apr 20, 2021
Missing validation of JWT signature in `ManyDesigns/Portofino` Critical
CVE-2021-29451 was published for com.manydesigns:portofino-core (Maven) Apr 19, 2021
intrigus-lgtm
RSA signature validation vulnerability on maleable encoded message in jsrsasign Critical
CVE-2021-30246 was published for jsrsasign (npm) Apr 16, 2021
Improper Certificate Validation in phpseclib High
CVE-2021-30130 was published for phpseclib/phpseclib (Composer) Apr 7, 2021
Improper Verification of Cryptographic Signature in PySAML2 Moderate
CVE-2021-21239 was published for pysaml2 (pip) Jan 21, 2021
bawolff
SAML XML Signature wrapping in PySAML2 Moderate
CVE-2021-21238 was published for pysaml2 (pip) Jan 21, 2021
VictorSG
Signature validation bypass in ServiceStack Moderate
CVE-2020-28042 was published for ServiceStack (NuGet) Jan 13, 2021
Multiple cryptographic issues in Python oic High
CVE-2020-26244 was published for oic (pip) Dec 4, 2020
F3r0C17Y mladevbb
CheariX
Regression in JWT Signature Validation High
CVE-2020-15240 was published for omniauth-auth0 (RubyGems) Nov 3, 2020
Incorrect threshold signature computation in TUF Critical
CVE-2020-6174 was published for tuf (pip) Aug 21, 2020
ECDSA signature validation vulnerability by accepting wrong ASN.1 encoding in jsrsasign High
CVE-2020-14966 was published for jsrsasign (npm) Jun 26, 2020
Signature wrapping vulnerability in Spring Security High
CVE-2020-5407 was published for org.springframework.security:spring-security-core (Maven) Jun 5, 2020
Improper Verification of Cryptographic Signature in PySAML2 High
CVE-2020-5390 was published for pysaml2 (pip) May 6, 2020
Improper Verification of Cryptographic Signature in Pure-Python ECDSA Critical
CVE-2019-14859 was published for ecdsa (pip) Apr 1, 2020
Signature validation bypass in XmlSecLibs High
CVE-2019-3465 was published for robrichards/xmlseclibs (Composer) Nov 8, 2019
Improper Verification of Cryptographic Signature in keycloak Moderate
CVE-2019-10201 was published for org.keycloak:keycloak-core (Maven) Sep 23, 2019
Message Signature Bypass in openpgp High
CVE-2019-9153 was published for openpgp (npm) Aug 23, 2019
Improper Key Verification in openpgp High
CVE-2019-9154 was published for openpgp (npm) Aug 23, 2019
Improper Verification of Cryptographic Signature in django-rest-registration Critical
CVE-2019-13177 was published for django-rest-registration (pip) Jul 2, 2019
peterthomassen
Signature Verification Bypass in jwt-simple High
GHSA-8v5f-hp78-jgxq was published for jwt-simple (npm) Jun 6, 2019
In Bouncy Castle JCE Provider ECDSA does not fully validate ASN.1 encoding of signature on verification High
CVE-2016-1000342 was published for org.bouncycastle:bcprov-jdk14 (Maven) Oct 17, 2018
ProTip! Advisories are also available from the GraphQL API