GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
429 advisories
Signature Validation Bypass
Critical
GHSA-rrfw-hg9m-j47h was published for github.com/russellhaering/goxmldsig (Go) on May 24, 2021
github.com/russellhaering/goxmldsig vulnerable to Signature Validation Bypass
Moderate
CVE-2020-15216 was published for github.com/russellhaering/goxmldsig (Go) on May 24, 2021
BLS Signature "Malleability"
Moderate
CVE-2021-21405 was published for github.com/filecoin-project/lotus (Go) on May 21, 2021
Improper Verification of Cryptographic Signature in golang.org/x/crypto
High
CVE-2020-9283 was published for golang.org/x/crypto (Go) on May 18, 2021
Improper Verification of Cryptographic Signature in ansible
Moderate
CVE-2020-14365 was published for ansible (pip) on Apr 20, 2021
Missing validation of JWT signature in `ManyDesigns/Portofino`
Critical
CVE-2021-29451 was published for com.manydesigns:portofino-core (Maven) on Apr 19, 2021
RSA signature validation vulnerability on malleable encoded message in jsrsasign
Critical
CVE-2021-30246 was published for jsrsasign (npm) on Apr 16, 2021
Improper Certificate Validation in phpseclib
High
CVE-2021-30130 was published for phpseclib/phpseclib (Composer) on Apr 7, 2021
Improper Verification of Cryptographic Signature in PySAML2
Moderate
CVE-2021-21239 was published for pysaml2 (pip) on Jan 21, 2021
SAML XML Signature wrapping in PySAML2
Moderate
CVE-2021-21238 was published for pysaml2 (pip) on Jan 21, 2021
Signature validation bypass in ServiceStack
Moderate
CVE-2020-28042 was published for ServiceStack (NuGet) on Jan 13, 2021
Multiple cryptographic issues in Python oic
High
CVE-2020-26244 was published for oic (pip) on Dec 4, 2020
Regression in JWT Signature Validation
High
CVE-2020-15240 was published for omniauth-auth0 (RubyGems) on Nov 3, 2020
Incorrect threshold signature computation in TUF
Critical
CVE-2020-6174 was published for tuf (pip) on Aug 21, 2020
ECDSA signature validation vulnerability by accepting wrong ASN.1 encoding in jsrsasign
High
CVE-2020-14966 was published for jsrsasign (npm) on Jun 26, 2020
Signature wrapping vulnerability in Spring Security
High
CVE-2020-5407 was published for org.springframework.security:spring-security-core (Maven) on Jun 5, 2020
Improper Verification of Cryptographic Signature in PySAML2
High
CVE-2020-5390 was published for pysaml2 (pip) on May 6, 2020
Improper Verification of Cryptographic Signature in Pure-Python ECDSA
Critical
CVE-2019-14859 was published for ecdsa (pip) on Apr 1, 2020
Signature validation bypass in XmlSecLibs
High
CVE-2019-3465 was published for robrichards/xmlseclibs (Composer) on Nov 8, 2019
Improper Verification of Cryptographic Signature in keycloak
Moderate
CVE-2019-10201 was published for org.keycloak:keycloak-core (Maven) on Sep 23, 2019
Improper Key Verification in openpgp
High
CVE-2019-9154 was published for openpgp (npm) on Aug 23, 2019
Improper Verification of Cryptographic Signature in django-rest-registration
Critical
CVE-2019-13177 was published for django-rest-registration (pip) on Jul 2, 2019
Signature Verification Bypass in jwt-simple
High
GHSA-8v5f-hp78-jgxq was published for jwt-simple (npm) on Jun 6, 2019
In Bouncy Castle JCE Provider ECDSA does not fully validate ASN.1 encoding of signature on verification
High
CVE-2016-1000342 was published for org.bouncycastle:bcprov-jdk14 (Maven) on Oct 17, 2018
ProTip! Advisories are also available from the GraphQL API