Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,239
Erlang
31
GitHub Actions
21
Go
2,007
Maven
5,000+
npm
3,716
NuGet
662
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+

154 advisories

Loading
A vulnerability in the Image Signature Verification feature used in an NX-OS CLI command in Cisco... Moderate Unreviewed
CVE-2019-1810 was published May 24, 2022
A vulnerability in the Image Signature Verification feature of Cisco NX-OS Software could allow... Moderate Unreviewed
CVE-2019-1808 was published May 24, 2022
An issue was discovered in Veritas NetBackup IT Analytics 11 before 11.2.0. The application... Moderate Unreviewed
CVE-2023-28818 was published Mar 24, 2023
HTTPS MitM vulnerability due to lack of hostname verification Moderate
CVE-2016-10932 was published for hyper (Rust) Aug 25, 2021
tdunlap607
Signature verification failure in Tendermint Moderate
GHSA-f3w5-v9xx-rp8p was published for github.com/tendermint/tendermint (Go) Dec 20, 2021
milosevic josef-widder
Json-jwt did not verify the cryptographic signature for data Moderate
CVE-2018-1000539 was published for json-jwt (RubyGems) Jul 31, 2018
tdunlap607
github.com/russellhaering/goxmldsig vulnerable to Signature Validation Bypass Moderate
CVE-2020-15216 was published for github.com/russellhaering/goxmldsig (Go) May 24, 2021
jupenur
python-apt Does Not Check Hash Signature Moderate
CVE-2019-15796 was published for python-apt (pip) May 24, 2022
Golang/x/crypto message forgery vulnerability Moderate
CVE-2019-11841 was published for golang.org/x/crypto (Go) May 24, 2022
@node-saml/node-saml's validatePostRequestAsync does not include checkTimestampsValidityError Moderate
CVE-2023-40178 was published for @node-saml/node-saml (npm) Aug 21, 2023
jindazhao01
Cleartext Signed Message Signature Spoofing in openpgp Moderate
CVE-2023-41037 was published for openpgp (npm) Aug 29, 2023
Cargo did not verify SSH host keys Moderate
CVE-2022-46176 was published for cargo (Rust) Jan 10, 2023
NATS TLS certificate common name validation bypass Moderate
GHSA-wvc4-j7g5-4f79 was published for nats (Rust) Mar 27, 2023
light-oauth2 missing public key verification Moderate
CVE-2023-31580 was published for com.networknt:light-oauth2 (Maven) Oct 25, 2023
Gitsign's Rekor public keys fetched from upstream API instead of local TUF client. Moderate
CVE-2023-47122 was published for github.com/sigstore/gitsign (Go) Nov 14, 2023
adityasaky
Improper signature verification of RadeonTM RX Vega M Graphics driver for Windows may allow an... Moderate Unreviewed
CVE-2023-20567 was published Nov 14, 2023
Improper signature verification of RadeonTM RX Vega M Graphics driver for Windows may allow an... Moderate Unreviewed
CVE-2023-20568 was published Nov 14, 2023
Missing SSH host key validation in Mac Plugin Moderate
CVE-2020-2146 was published for fr.edf.jenkins.plugins:mac (Maven) May 24, 2022
NotMyFault
yiisoft/yii2-authclient's Oauth2 PKCE implementation is vulnerable Moderate
CVE-2023-50714 was published for yiisoft/yii2-authclient (Composer) Dec 18, 2023
rhertogh
Some Honor products are affected by signature management vulnerability, successful exploitation... Moderate Unreviewed
CVE-2023-23435 was published Dec 29, 2023
Some Honor products are affected by signature management vulnerability, successful exploitation... Moderate Unreviewed
CVE-2023-23433 was published Dec 29, 2023
A spoofing vulnerability exists when Windows incorrectly validates file signatures, aka 'Windows... Moderate Unreviewed
CVE-2020-16922 was published May 24, 2022
A vulnerability exists in the Relion update package signature validation. A tampered update... Moderate Unreviewed
CVE-2022-3864 was published Jan 4, 2024
An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x... Moderate Unreviewed
CVE-2022-42010 was published Oct 10, 2022
Cisco IOS software 11.3 through 12.2 running on Cisco uBR7200 and uBR7100 series Universal... Moderate Unreviewed
CVE-2002-1706 was published Apr 30, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database