Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,274
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,419
Pub
12
RubyGems
891
Rust
872
Swift
36
Unreviewed advisories
All unreviewed
5,000+

429 advisories

Loading
Improper Verification of SAML Responses Leading to Privilege Escalation in Keycloak High
CVE-2024-8698 was published for org.keycloak:keycloak-saml-core (Maven) Oct 14, 2024
Chetven
SSOReady has an XML Signature Bypass via differential XML parsing Critical
CVE-2024-47832 was published for github.com/ssoready/ssoready (Go) Oct 11, 2024
ahacker1-securesaml
CWE-347: Improper Verification of Cryptographic Signature vulnerability exists that could... High Unreviewed
CVE-2024-8531 was published Oct 11, 2024
An improper verification of cryptographic signature vulnerability was identified in GitHub... Critical Unreviewed
CVE-2024-9487 was published Oct 11, 2024
Elliptic's verify function omits uniqueness validation Low
CVE-2024-48949 was published for elliptic (npm) Oct 10, 2024
Markus-MS
Alpine Halo9 Improper Verification of Cryptographic Signature Vulnerability. This vulnerability... Moderate Unreviewed
CVE-2024-23960 was published Sep 28, 2024
Improper verification of cryptographic signature during installation of a VPN driver via the... High Unreviewed
CVE-2024-7479 was published Sep 25, 2024
Improper verification of cryptographic signature during installation of a Printer driver via the... High Unreviewed
CVE-2024-7481 was published Sep 25, 2024
Duplicate Advisory: Keycloak SAML signature validation flaw Moderate
GHSA-4xx7-2cx3-x473 was published for org.keycloak:keycloak-saml-core (Maven) Sep 19, 2024 withdrawn
druid-pac4j, Apache Druid extension, has Padding Oracle vulnerability Low
CVE-2024-45384 was published for org.apache.druid.extensions:druid-pac4j (Maven) Sep 17, 2024
Improper Digital Signature Invalidation  vulnerability in Zip Repair Mode of The Document... High Unreviewed
CVE-2024-7788 was published Sep 17, 2024
whatsapp-api-js fails to validate message's signature Moderate
CVE-2024-45607 was published for whatsapp-api-js (npm) Sep 12, 2024
omniauth-saml vulnerable to Improper Verification of Cryptographic Signature Critical
GHSA-cvp8-5r8g-fhvq was published for omniauth-saml (RubyGems) Sep 11, 2024
ahacker1-securesaml suprnova32
rajiv bufferoverflow
SAML authentication bypass via Incorrect XPath selector Critical
CVE-2024-45409 was published for ruby-saml (RubyGems) Sep 10, 2024
ahacker1-securesaml
Adyen APIs Library for Python timing attack vulnerability Moderate
GHSA-f3q4-ggfp-jv34 was published for Adyen (pip) Aug 30, 2024
Hyperledger Indy's update process of a DID does not check who signs the request High
CVE-2020-11093 was published for indy-node (pip) Aug 30, 2024
alexandredeleze
Signature forgery in Spring Boot's Loader High
CVE-2024-38807 was published for org.springframework.boot:spring-boot-loader (Maven) Aug 23, 2024
An XML signature wrapping vulnerability was present in GitHub Enterprise Server (GHES) when... Critical Unreviewed
CVE-2024-6800 was published Aug 20, 2024
The Zscaler Updater process does not validate the digital signature of the installer before... Moderate Unreviewed
CVE-2024-23460 was published Aug 6, 2024
An Improper Validation of signature in Zscaler Client Connector on Windows allows an... Moderate Unreviewed
CVE-2023-28806 was published Aug 6, 2024
Anti-tampering can be disabled under certain conditions without signature validation. This... High Unreviewed
CVE-2024-23456 was published Aug 6, 2024
Elliptic allows BER-encoded signatures Low
CVE-2024-42461 was published for elliptic (npm) Aug 2, 2024
BlazingWizard
Elliptic's EDDSA missing signature length check Low
CVE-2024-42459 was published for elliptic (npm) Aug 2, 2024
BlazingWizard
An issue was discovered in litestream v0.3.13. The usage of the ssh.InsecureIgnoreHostKey()... Moderate Unreviewed
CVE-2024-41254 was published Jul 31, 2024
An issue was discovered in filestash v0.4. The usage of the ssh.InsecureIgnoreHostKey() disables... Moderate Unreviewed
CVE-2024-41258 was published Jul 31, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database