GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
57 advisories
Improper Verification of Cryptographic Signature in django-rest-registration
Critical: CVE-2019-13177 was published for django-rest-registration (pip), Jul 2, 2019
Improper Verification of Cryptographic Signature in Pure-Python ECDSA
Critical: CVE-2019-14859 was published for ecdsa (pip), Apr 1, 2020
Incorrect threshold signature computation in TUF
Critical: CVE-2020-6174 was published for tuf (pip), Aug 21, 2020
RSA signature validation vulnerability on malleable encoded message in jsrsasign
Critical: CVE-2021-30246 was published for jsrsasign (npm), Apr 16, 2021
Missing validation of JWT signature in `ManyDesigns/Portofino`
Critical: CVE-2021-29451 was published for com.manydesigns:portofino-core (Maven), Apr 19, 2021
Signature Validation Bypass
Critical: GHSA-rrfw-hg9m-j47h was published for github.com/russellhaering/goxmldsig (Go), May 24, 2021
Signature Validation Bypass
Critical: GHSA-5684-g483-2249 was published for github.com/russellhaering/gosaml2 (Go), May 24, 2021
Improper Verification of Cryptographic Signature in Apache Pulsar in TensorFlow
Critical: CVE-2021-22160 was published for org.apache.pulsar:pulsar (Maven), Jun 1, 2021
Improper Verification of Cryptographic Signature
Critical: CVE-2021-32685 was published for tenvoy (npm), Jun 21, 2021
Improper Verification of Cryptographic Signature
Critical: GHSA-7r96-8g3x-g36m was published for tenvoy (npm), Jun 28, 2021
Improper Verification of Cryptographic Signature in starkbank-ecdsa
Critical: CVE-2021-43572 was published for starkbank-ecdsa (pip), Nov 10, 2021
Improper Verification of Cryptographic Signature in starkbank-ecdsa
Critical: CVE-2021-43570 was published for com.starkbank:starkbank-ecdsa (Maven), Nov 10, 2021
Improper Verification of Cryptographic Signature in starkbank-ecdsa
Critical: CVE-2021-43569 was published for starkbank-ecdsa (NuGet), Nov 10, 2021
Improper Verification of Cryptographic Signature in starkbank-ecdsa
Critical: CVE-2021-43571 was published for starkbank-ecdsa (npm), Nov 10, 2021
Critical security issues in XML encoding in github.com/dexidp/dex
Critical: CVE-2020-26290 was published for github.com/dexidp/dex (Go), Dec 20, 2021
Firebase PHP-JWT key/algorithm type confusion
Critical: CVE-2021-46743 was published for firebase/php-jwt (Composer), Mar 30, 2022
HP LaserJet Enterprise printers, HP PageWide Enterprise printers, HP LaserJet Managed printers,...
Critical (Unreviewed): CVE-2019-6318 was published May 13, 2022
GIGABYTE BRIX UEFI firmware does not cryptographically validate images prior to updating the...
Critical (Unreviewed): CVE-2017-3198 was published May 13, 2022
An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10...
Critical (Unreviewed): CVE-2017-2423 was published May 13, 2022
Missing certificate validation in Apache JMeter
Critical: CVE-2018-1287 was published for org.apache.jmeter:ApacheJMeter (Maven), May 13, 2022
RubyGems Improper Verification of Cryptographic Signature vulnerability
Critical: CVE-2018-1000076 was published for org.jruby:jruby-stdlib (RubyGems), May 14, 2022
An issue was discovered in password-store.sh in pass in Simple Password Store 1.7.x before 1.7.2....
Critical (Unreviewed): CVE-2018-12356 was published May 14, 2022
In HP LaserJet Enterprise, HP PageWide Enterprise, HP LaserJet Managed, and HP OfficeJet...
Critical (Unreviewed): CVE-2018-5923 was published May 14, 2022
The installer for BitDefender GravityZone relies on an encoded string in a filename to determine...
Critical (Unreviewed): CVE-2018-8955 was published May 14, 2022