Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,279
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,421
Pub
12
RubyGems
891
Rust
873
Swift
36
Unreviewed advisories
All unreviewed
5,000+

157 advisories

Loading
Duplicate Advisory: Keycloak SAML signature validation flaw Moderate
GHSA-4xx7-2cx3-x473 was published for org.keycloak:keycloak-saml-core (Maven) Sep 19, 2024 withdrawn
StorageGRID (formerly StorageGRID Webscale) versions prior to 11.7.0.9 and 11.8.0.5 are... Moderate Unreviewed
CVE-2024-21988 was published Jun 15, 2024
sigstore-java has vulnerability with bundle verification Moderate
CVE-2024-53267 was published for dev.sigstore:sigstore-java (Maven) Nov 26, 2024
loosebazooka
A vulnerability was found in Samba's SMB2 packet signing mechanism. The SMB2 packet signing is... Moderate Unreviewed
CVE-2023-3347 was published Jul 20, 2023
The application failed to account for exceptions thrown by the `loadManifestFromFile` method... Moderate Unreviewed
CVE-2024-11696 was published Nov 26, 2024
The Portable Document Format (PDF) specification does not provide any information regarding the... Moderate Unreviewed
CVE-2018-18689 was published May 24, 2022
A vulnerability in the Image Signature Verification feature of Cisco Firepower Threat Defense ... Moderate Unreviewed
CVE-2020-3308 was published May 24, 2022
A vulnerability in the Image Signature Verification feature of Cisco SD-WAN Software could... Moderate Unreviewed
CVE-2021-1461 was published Nov 18, 2024
Improper Verification of Cryptographic Signature in ansible Moderate
CVE-2020-14365 was published for ansible (pip) Apr 20, 2021
In mutt and neomutt the In-Reply-To email header field is not protected by cryptographic signing... Moderate Unreviewed
CVE-2024-49394 was published Nov 12, 2024
ABB is aware of privately reported vulnerabilities in the product versions referenced in this CVE... Moderate Unreviewed
CVE-2024-8036 was published Oct 25, 2024
An issue was discovered in litestream v0.3.13. The usage of the ssh.InsecureIgnoreHostKey()... Moderate Unreviewed
CVE-2024-41254 was published Jul 31, 2024
Python RSA allows attackers to spoof signatures Moderate
CVE-2016-1494 was published for rsa (pip) May 14, 2022
svix vulnerable to Authentication Bypass Moderate
CVE-2024-21491 was published for svix (Rust) Feb 13, 2024
SAML XML Signature wrapping in PySAML2 Moderate
CVE-2021-21238 was published for pysaml2 (pip) Jan 21, 2021
VictorSG
Improper Verification of Cryptographic Signature in PySAML2 Moderate
CVE-2021-21239 was published for pysaml2 (pip) Jan 21, 2021
bawolff
OpenZeppelin Contracts contains Improper Verification of Cryptographic Signature Moderate
CVE-2023-23940 was published for openzeppelin-cairo-contracts (pip) Feb 2, 2023
Alpine Halo9 Improper Verification of Cryptographic Signature Vulnerability. This vulnerability... Moderate Unreviewed
CVE-2024-23960 was published Sep 28, 2024
OpenStack Keystone does not check signature TTL of the EC2 credential auth method Moderate
CVE-2020-12692 was published for keystone (pip) May 24, 2022
Improper privilege management in the installer for Zoom Desktop Client for Windows before version... Moderate Unreviewed
CVE-2024-24694 was published Apr 9, 2024
Improper privilege management in the installer for Zoom Desktop Client for macOS before version 5... Moderate Unreviewed
CVE-2024-27247 was published Apr 9, 2024
Improper authentication in some Zoom clients before version 5.16.5 may allow an authenticated... Moderate Unreviewed
CVE-2023-49646 was published Dec 14, 2023
Insufficient verification of data authenticity in the installer for Zoom Workplace VDI App for... Moderate Unreviewed
CVE-2024-27244 was published May 15, 2024
Archive spoofing vulnerability in borgbackup Moderate
CVE-2023-36811 was published for borgbackup (pip) Aug 30, 2023
ThomasWaldmann
whatsapp-api-js fails to validate message's signature Moderate
CVE-2024-45607 was published for whatsapp-api-js (npm) Sep 12, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database