GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
21
Go
2,003
Maven
5,000+
npm
3,714
NuGet
661
pip
3,387
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
33 advisories
Filter by severity
Samlify vulnerable to Authentication Bypass by allowing tokens to be reused with different usernames
High
CVE-2017-1000452
was published
for
samlify
(npm)
Jan 4, 2018
Signature Verification Bypass in jwt-simple
High
GHSA-8v5f-hp78-jgxq
was published
for
jwt-simple
(npm)
Jun 6, 2019
Improper Key Verification in openpgp
High
CVE-2019-9154
was published
for
openpgp
(npm)
Aug 23, 2019
ECDSA signature validation vulnerability by accepting wrong ASN.1 encoding in jsrsasign
High
CVE-2020-14966
was published
for
jsrsasign
(npm)
Jun 26, 2020
RSA signature validation vulnerability on maleable encoded message in jsrsasign
Critical
CVE-2021-30246
was published
for
jsrsasign
(npm)
Apr 16, 2021
Improper Verification of Cryptographic Signature in aws-encryption-sdk-javascript
Moderate
GHSA-h45p-w933-jxh3
was published
for
@aws-crypto/client-browser
(npm)
Jun 1, 2021
Improper Verification of Cryptographic Signature
Critical
CVE-2021-32685
was published
for
tenvoy
(npm)
Jun 21, 2021
Improper Verification of Cryptographic Signature
Critical
GHSA-7r96-8g3x-g36m
was published
for
tenvoy
(npm)
Jun 28, 2021
Utils.readChallengeTx does not verify the server account signature
Moderate
CVE-2021-32738
was published
for
stellar-sdk
(npm)
Jul 2, 2021
Signature verification vulnerability in Stark Bank ecdsa libraries
High
GHSA-9wx7-jrvc-28mm
was published
for
com.starkbank:ecdsa-java
(Maven)
Nov 8, 2021
Improper Verification of Cryptographic Signature in starkbank-ecdsa
Critical
CVE-2021-43571
was published
for
starkbank-ecdsa
(npm)
Nov 10, 2021
Signatures are mistakenly recognized to be valid in jsrsasign
Moderate
GHSA-h87q-g2wp-47pj
was published
for
jsrsasign
(npm)
Feb 9, 2022
Failure to validate signature during handshake
High
CVE-2022-24759
was published
for
@chainsafe/libp2p-noise
(npm)
Mar 18, 2022
Improper Verification of Cryptographic Signature in node-forge
High
CVE-2022-24771
was published
for
node-forge
(npm)
Mar 18, 2022
Improper Verification of Cryptographic Signature in node-forge
High
CVE-2022-24772
was published
for
node-forge
(npm)
Mar 18, 2022
Improper Verification of Cryptographic Signature in `node-forge`
Moderate
CVE-2022-24773
was published
for
node-forge
(npm)
Mar 18, 2022
Cisco node-jose improper validation of JWT signature
High
CVE-2018-0114
was published
for
node-jose
(npm)
May 13, 2022
JWS and JWT signature validation vulnerability with special characters
High
CVE-2022-25898
was published
for
jsrsasign
(npm)
Jun 25, 2022
OpenZeppelin Contracts's SignatureChecker may revert on invalid EIP-1271 signers
High
CVE-2022-31172
was published
for
@openzeppelin/contracts
(npm)
Jul 21, 2022
secp256k1-js implements ECDSA without required r and s validation, leading to signature forgery
High
CVE-2022-41340
was published
for
@lionello/secp256k1-js
(npm)
Sep 25, 2022
Signature bypass via multiple root elements
High
CVE-2022-39299
was published
for
@node-saml/node-saml
(npm)
Oct 12, 2022
Signature bypass via multiple root elements
High
CVE-2022-39300
was published
for
node-saml
(npm)
Oct 12, 2022
jsonwebtoken vulnerable to signature validation bypass due to insecure default algorithm in jwt.verify()
Moderate
CVE-2022-23540
was published
for
jsonwebtoken
(npm)
Dec 22, 2022
@node-saml/node-saml's validatePostRequestAsync does not include checkTimestampsValidityError
Moderate
CVE-2023-40178
was published
for
@node-saml/node-saml
(npm)
Aug 21, 2023
ProTip!
Advisories are also available from the
GraphQL API