GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,279
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,421
Pub
12
RubyGems
891
Rust
873
Swift
36
Unreviewed advisories
All unreviewed
5,000+
157 advisories
Filter by severity
Signatures are mistakenly recognized to be valid in jsrsasign
Moderate
GHSA-h87q-g2wp-47pj
was published
for
jsrsasign
(npm)
Feb 9, 2022
Improper Verification of Cryptographic Signature in aws-encryption-sdk-java
Moderate
GHSA-55xh-53m6-936r
was published
for
com.amazonaws:aws-encryption-sdk-java
(Maven)
Jun 1, 2021
Improper Verification of Cryptographic Signature in aws-encryption-sdk
Moderate
GHSA-x5h4-9gqw-942j
was published
for
aws-encryption-sdk
(pip)
Jun 1, 2021
Improper Verification of Cryptographic Signature in aws-encryption-sdk-cli
Moderate
GHSA-89v2-g37m-g3ff
was published
for
aws-encryption-sdk-cli
(pip)
Jun 1, 2021
Improper Verification of Cryptographic Signature in aws-encryption-sdk-javascript
Moderate
GHSA-h45p-w933-jxh3
was published
for
@aws-crypto/client-browser
(npm)
Jun 1, 2021
Utils.readChallengeTx does not verify the server account signature
Moderate
CVE-2021-32738
was published
for
stellar-sdk
(npm)
Jul 2, 2021
Improper Verification of Cryptographic Signature in `node-forge`
Moderate
CVE-2022-24773
was published
for
node-forge
(npm)
Mar 18, 2022
SAP HANA Database, versions - 1.0, 2.0, accepts SAML tokens with MD5 digest, an attacker who...
Moderate
Unreviewed
CVE-2021-21474
was published
May 24, 2022
Signature Wrapping exists in OSCI-Transport 1.2 as used in OSCI Transport Library 1.6.1 (Java)...
Moderate
Unreviewed
CVE-2017-10669
was published
May 17, 2022
A vulnerability in the software image verification functionality of Cisco IOS XE Software for...
Moderate
Unreviewed
CVE-2022-20944
was published
Oct 11, 2022
An unprotected memory-access operation in optee_os in TrustedFirmware Open Portable Trusted...
Moderate
Unreviewed
CVE-2022-47549
was published
Dec 19, 2022
An issue has been found in PowerDNS Recursor 4.1.0 through 4.3.0 where records in the answer...
Moderate
Unreviewed
CVE-2020-12244
was published
May 24, 2022
Emerson Electric's Proficy Machine Edition Version 9.00 and prior is vulenrable to CWE-347...
Moderate
Unreviewed
CVE-2022-2790
was published
Aug 20, 2022
GRUB2 fails to validate kernel signature when booted directly without shim, allowing secure boot...
Moderate
Unreviewed
CVE-2020-15705
was published
May 24, 2022
A vulnerability in the firmware of the Cisco UCS C-Series Rack Servers could allow an...
Moderate
Unreviewed
CVE-2019-1736
was published
May 24, 2022
A wrong generation of the passphrase for the encrypted block in Nextcloud Server 19.0.1 allowed...
Moderate
Unreviewed
CVE-2020-8133
was published
May 24, 2022
NVIDIA DGX servers, all DGX-1 with BMC firmware versions prior to 3.38.30 and all DGX-2 with BMC...
Moderate
Unreviewed
CVE-2020-11488
was published
May 24, 2022
Tesla Model X vehicles before 2020-11-23 have key fobs that accept firmware updates without...
Moderate
Unreviewed
CVE-2020-29438
was published
May 24, 2022
Multiple vulnerabilities in Cisco Network Convergence System (NCS) 540 Series Routers, only when...
Moderate
Unreviewed
CVE-2021-1136
was published
May 24, 2022
Multiple vulnerabilities in Cisco Network Convergence System (NCS) 540 Series Routers, only when...
Moderate
Unreviewed
CVE-2021-1244
was published
May 24, 2022
Possible authentication bypass due to improper order of signature verification and hashing in the...
Moderate
Unreviewed
CVE-2021-35113
was published
Sep 3, 2022
The Portable Document Format (PDF) specification does not provide any information regarding the...
Moderate
Unreviewed
CVE-2018-18688
was published
May 24, 2022
Possible authentication bypass due to improper order of signature verification and hashing in the...
Moderate
Unreviewed
CVE-2021-35097
was published
Sep 3, 2022
Inadequate Encryption Strength in showdoc
Moderate
CVE-2021-3680
was published
for
showdoc/showdoc
(Composer)
Sep 1, 2021
A flaw was found in the RPM package in the read functionality. This flaw allows an attacker who...
Moderate
Unreviewed
CVE-2021-3421
was published
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API