Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
40
GitHub Actions
38
Go
2,850
Maven
5,000+
npm
4,485
NuGet
779
pip
4,238
Pub
12
RubyGems
975
Rust
1,093
Swift
48
Unreviewed advisories
All unreviewed
5,000+

244 advisories

Loading
secp256k1-js implements ECDSA without required r and s validation, leading to signature forgery High
CVE-2022-41340 was published for @lionello/secp256k1-js (npm) Sep 25, 2022
Signature bypass via multiple root elements High
CVE-2022-39300 was published for node-saml (npm) Oct 12, 2022
felixwilhelm
Credited to felixwilhelm
OpenZeppelin Contracts's SignatureChecker may revert on invalid EIP-1271 signers High
CVE-2022-31172 was published for @openzeppelin/contracts (npm) Jul 21, 2022
A PKCS#1 v1.5 signature verification routine in all Android releases from CAF using the Linux... High Unreviewed
CVE-2014-9934 was published May 17, 2022
JWS and JWT signature validation vulnerability with special characters High
CVE-2022-25898 was published for jsrsasign (npm) Jun 25, 2022
Signature bypass via multiple root elements High
CVE-2022-39299 was published for @node-saml/node-saml (npm) Oct 12, 2022
felixwilhelm
Credited to felixwilhelm
A vulnerability in the interprocess communication (IPC) channel of Cisco AnyConnect Secure... High Unreviewed
CVE-2021-1366 was published May 24, 2022
Union Pay up to 1.2.0, for web based versions contains a CWE-347: Improper Verification of... High Unreviewed
CVE-2020-23533 was published May 24, 2022
Improper Verification of Cryptographic Signature in Nimbus JOSE+JWT High
CVE-2017-12974 was published for com.nimbusds:nimbus-jose-jwt (Maven) May 13, 2022
An improper verification of the cryptographic signature of firmware updates of the B. Braun... High Unreviewed
CVE-2020-25166 was published Apr 15, 2022
On Schneider Electric ConneXium Tofino Firewall TCSEFEA23F3F22 before 03.23, TCSEFEA23F3F20/21,... High Unreviewed
CVE-2021-30066 was published Apr 5, 2022
Yubico ykneo-openpgp before 1.0.10 has a typo in which an invalid PIN can be used. When first... High Unreviewed
CVE-2015-3298 was published Mar 31, 2022
AVEVA System Platform versions 2017 through 2020 R2 P01 does not verify, or incorrectly verifies,... High Unreviewed
CVE-2021-32977 was published Apr 5, 2022
A firmware update vulnerability exists in the "update" firmware checks functionality of... High Unreviewed
CVE-2022-21134 was published Jan 29, 2022
Failure to validate signature during handshake High
CVE-2022-24759 was published for @chainsafe/libp2p-noise (npm) Mar 18, 2022
Execution Control List (ECL) Is Insecure in Singularity High
CVE-2020-13845 was published for github.com/sylabs/singularity (Go) Dec 20, 2021
tri-adam
Credited to tri-adam
Improper Key Verification in openpgp High
CVE-2019-9154 was published for openpgp (npm) Aug 23, 2019
Message Signature Bypass in openpgp High
CVE-2019-9153 was published for openpgp (npm) Aug 23, 2019
Signature Verification Bypass in jwt-simple High
GHSA-8v5f-hp78-jgxq was published for jwt-simple (npm) Jun 6, 2019
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database