Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
20
Go
2,000
Maven
5,000+
npm
3,711
NuGet
661
pip
3,383
Pub
11
RubyGems
885
Rust
849
Swift
36
Unreviewed advisories
All unreviewed
5,000+

152 advisories

Loading
Signatures are mistakenly recognized to be valid in jsrsasign Moderate
GHSA-h87q-g2wp-47pj was published for jsrsasign (npm) Feb 9, 2022
Improper Verification of Cryptographic Signature in aws-encryption-sdk-java Moderate
GHSA-55xh-53m6-936r was published for com.amazonaws:aws-encryption-sdk-java (Maven) Jun 1, 2021
Improper Verification of Cryptographic Signature in aws-encryption-sdk Moderate
GHSA-x5h4-9gqw-942j was published for aws-encryption-sdk (pip) Jun 1, 2021
Improper Verification of Cryptographic Signature in aws-encryption-sdk-cli Moderate
GHSA-89v2-g37m-g3ff was published for aws-encryption-sdk-cli (pip) Jun 1, 2021
Improper Verification of Cryptographic Signature in aws-encryption-sdk-javascript Moderate
GHSA-h45p-w933-jxh3 was published for @aws-crypto/client-browser (npm) Jun 1, 2021
Utils.readChallengeTx does not verify the server account signature Moderate
CVE-2021-32738 was published for stellar-sdk (npm) Jul 2, 2021
leighmcculloch
Improper Verification of Cryptographic Signature in `node-forge` Moderate
CVE-2022-24773 was published for node-forge (npm) Mar 18, 2022
SAP HANA Database, versions - 1.0, 2.0, accepts SAML tokens with MD5 digest, an attacker who... Moderate Unreviewed
CVE-2021-21474 was published May 24, 2022
Signature Wrapping exists in OSCI-Transport 1.2 as used in OSCI Transport Library 1.6.1 (Java)... Moderate Unreviewed
CVE-2017-10669 was published May 17, 2022
A vulnerability in the software image verification functionality of Cisco IOS XE Software for... Moderate Unreviewed
CVE-2022-20944 was published Oct 11, 2022
An unprotected memory-access operation in optee_os in TrustedFirmware Open Portable Trusted... Moderate Unreviewed
CVE-2022-47549 was published Dec 19, 2022
An issue has been found in PowerDNS Recursor 4.1.0 through 4.3.0 where records in the answer... Moderate Unreviewed
CVE-2020-12244 was published May 24, 2022
Emerson Electric's Proficy Machine Edition Version 9.00 and prior is vulenrable to CWE-347... Moderate Unreviewed
CVE-2022-2790 was published Aug 20, 2022
GRUB2 fails to validate kernel signature when booted directly without shim, allowing secure boot... Moderate Unreviewed
CVE-2020-15705 was published May 24, 2022
A vulnerability in the firmware of the Cisco UCS C-Series Rack Servers could allow an... Moderate Unreviewed
CVE-2019-1736 was published May 24, 2022
A wrong generation of the passphrase for the encrypted block in Nextcloud Server 19.0.1 allowed... Moderate Unreviewed
CVE-2020-8133 was published May 24, 2022
NVIDIA DGX servers, all DGX-1 with BMC firmware versions prior to 3.38.30 and all DGX-2 with BMC... Moderate Unreviewed
CVE-2020-11488 was published May 24, 2022
The Portable Document Format (PDF) specification does not provide any information regarding the... Moderate Unreviewed
CVE-2018-18689 was published May 24, 2022
Tesla Model X vehicles before 2020-11-23 have key fobs that accept firmware updates without... Moderate Unreviewed
CVE-2020-29438 was published May 24, 2022
Multiple vulnerabilities in Cisco Network Convergence System (NCS) 540 Series Routers, only when... Moderate Unreviewed
CVE-2021-1244 was published May 24, 2022
Multiple vulnerabilities in Cisco Network Convergence System (NCS) 540 Series Routers, only when... Moderate Unreviewed
CVE-2021-1136 was published May 24, 2022
Possible authentication bypass due to improper order of signature verification and hashing in the... Moderate Unreviewed
CVE-2021-35113 was published Sep 3, 2022
The Portable Document Format (PDF) specification does not provide any information regarding the... Moderate Unreviewed
CVE-2018-18688 was published May 24, 2022
Possible authentication bypass due to improper order of signature verification and hashing in the... Moderate Unreviewed
CVE-2021-35097 was published Sep 3, 2022
Inadequate Encryption Strength in showdoc Moderate
CVE-2021-3680 was published for showdoc/showdoc (Composer) Sep 1, 2021
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database