GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
21
Go
2,003
Maven
5,000+
npm
3,714
NuGet
661
pip
3,387
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
27 advisories
Filter by severity
An improper verification of cryptographic signature vulnerability was identified in GitHub...
Critical
Unreviewed
CVE-2024-9487
was published
Oct 11, 2024
An XML signature wrapping vulnerability was present in GitHub Enterprise Server (GHES) when...
Critical
Unreviewed
CVE-2024-6800
was published
Aug 20, 2024
Improper verification of cryptographic signature issue exists in "FreeFrom - the nostr client"...
Critical
Unreviewed
CVE-2024-36277
was published
Jun 17, 2024
There is a possible escalation of privilege due to improperly used crypto. This could lead to...
Critical
Unreviewed
CVE-2024-32911
was published
Jun 13, 2024
A vulnerability exists in Rockwell Automation FactoryTalk® Service Platform that allows a...
Critical
Unreviewed
CVE-2024-21917
was published
Jan 31, 2024
Studio Network Solutions ShareBrowser before 7.0 on macOS mishandles signature verification, aka...
Critical
Unreviewed
CVE-2023-44077
was published
Jan 17, 2024
An Improper Verification of Cryptographic Signature vulnerability in the update process of...
Critical
Unreviewed
CVE-2023-5347
was published
Jan 9, 2024
An Improper Verification of Cryptographic Signature in the SAML authentication of the Zscaler...
Critical
Unreviewed
CVE-2023-28801
was published
Aug 31, 2023
The cryptographic code signing process and controls on ConnectWise Control through 22.9.10032 ...
Critical
Unreviewed
CVE-2023-25718
was published
Feb 13, 2023
Western Digital My Cloud devices before OS5 do not use cryptographically signed Firmware upgrade...
Critical
Unreviewed
CVE-2021-36226
was published
Feb 6, 2023
The Robot application in Ip-label Newtest before v8.5R0 was discovered to use weak signature...
Critical
Unreviewed
CVE-2022-23334
was published
Jan 30, 2023
The Omron SYSMAC Cx product family PLCs (CS series, CJ series, and CP series) through 2022-05-18...
Critical
Unreviewed
CVE-2022-31207
was published
Jul 27, 2022
The Omron SYSMAC Nx product family PLCs (NJ series, NY series, NX series, and PMAC series)...
Critical
Unreviewed
CVE-2022-31206
was published
Jul 27, 2022
A firmware validation issue was discovered in HMI3 Control Panel in Swisslog Healthcare Nexus...
Critical
Unreviewed
CVE-2021-37160
was published
May 24, 2022
IBM Power9 Self Boot Engine(SBE) could allow a privileged user to inject malicious code and...
Critical
Unreviewed
CVE-2021-20487
was published
May 24, 2022
An improper verification of cryptographic signature vulnerability exists in the Palo Alto...
Critical
Unreviewed
CVE-2021-3033
was published
May 24, 2022
Bash injection vulnerability and bypass of signature verification in Rostelecom CS-C2SHW 5.0.082...
Critical
Unreviewed
CVE-2020-27540
was published
May 24, 2022
FusionAuth fusionauth-samlv2 0.2.3 allows remote attackers to forge messages and bypass...
Critical
Unreviewed
CVE-2020-12676
was published
May 24, 2022
perl-CRYPT-JWT 0.022 and earlier is affected by: Incorrect Access Control. The impact is: bypass...
Critical
Unreviewed
CVE-2019-1010161
was published
May 24, 2022
Perl Crypt::JWT prior to 0.023 is affected by: Incorrect Access Control. The impact is: allow...
Critical
Unreviewed
CVE-2019-1010263
was published
May 24, 2022
In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Automobile, Snapdragon...
Critical
Unreviewed
CVE-2017-18146
was published
May 14, 2022
The installer for BitDefender GravityZone relies on an encoded string in a filename to determine...
Critical
Unreviewed
CVE-2018-8955
was published
May 14, 2022
In HP LaserJet Enterprise, HP PageWide Enterprise, HP LaserJet Managed, and HP OfficeJet...
Critical
Unreviewed
CVE-2018-5923
was published
May 14, 2022
An issue was discovered in password-store.sh in pass in Simple Password Store 1.7.x before 1.7.2....
Critical
Unreviewed
CVE-2018-12356
was published
May 14, 2022
An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10...
Critical
Unreviewed
CVE-2017-2423
was published
May 13, 2022
ProTip!
Advisories are also available from the
GraphQL API