Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
40
GitHub Actions
38
Go
2,850
Maven
5,000+
npm
4,485
NuGet
779
pip
4,238
Pub
12
RubyGems
975
Rust
1,093
Swift
48
Unreviewed advisories
All unreviewed
5,000+

193 advisories

Loading
Improper verification of signature in FilterProvider prior to SMR Jul-2024 Release 1 allows local... Moderate Unreviewed
CVE-2024-20892 was published Jul 2, 2024
Denial of Service in TenderMint Moderate
CVE-2020-15091 was published for github.com/tendermint/tendermint (Go) Dec 20, 2021
ebuchman melekes
Credited to ebuchman and melekes
A flaw was found in osbuild-composer. A condition can be triggered that disables GPG verification... Moderate Unreviewed
CVE-2024-2307 was published Mar 19, 2024
Cosign bundle can be crafted to successfully verify a blob even if the embedded rekorBundle does not reference the given signature Moderate
CVE-2022-36056 was published for github.com/sigstore/cosign (Go) Sep 16, 2022
codysoyland asraa
Hayden-IO
Credited to codysoyland, asraa, and Hayden-IO
go-saml's XML Digital Signatures use SHA-1 Moderate
CVE-2020-36563 was published for github.com/RobotsAndPencils/go-saml (Go) Dec 28, 2022
TYPO3 vulnerable to an Uncontrolled Resource Consumption in the ShowImageController Moderate
CVE-2024-34358 was published for typo3/cms-core (Composer) May 14, 2024
derhansen bnf
bmack
Credited to derhansen, bnf, and bmack
Improper Verification of Cryptographic Signature in org.apache.httpcomponents:httpclient Moderate
CVE-2014-3577 was published for org.apache.httpcomponents:httpclient (Maven) Oct 17, 2018
MarkLee131
Credited to MarkLee131
There is a digital signature verification bypass vulnerability in AR1200, AR1200-S, AR150, AR160,... Moderate Unreviewed
CVE-2019-5300 was published May 24, 2022
A flaw during verification of certain S/MIME signatures causes emails to be shown in Thunderbird... Moderate Unreviewed
CVE-2018-18509 was published May 24, 2022
The signature verification routine in install.sh in yarnpkg/website through 2018-06-05 only... Moderate Unreviewed
CVE-2018-12556 was published May 24, 2022
An Improper Verification of Cryptographic Signature vulnerability in Zscaler Client Connector on... Moderate Unreviewed
CVE-2023-28804 was published Oct 23, 2023
Improper verification of applications' cryptographic signatures in the /e/OS app store client App... Moderate Unreviewed
CVE-2021-43171 was published Aug 22, 2023
Incorrect signature verification of the firmware during the Device Firmware Update process of... Moderate Unreviewed
CVE-2023-33768 was published Jul 13, 2023
RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to an Improper Verification of... Moderate Unreviewed
CVE-2019-3738 was published May 24, 2022
Multiple padding oracle vulnerabilities (Zombie POODLE, GOLDENDOODLE, OpenSSL 0-length) in the... Moderate Unreviewed
CVE-2019-5592 was published May 24, 2022
cPanel before 67.9999.103 does not enforce SSL hostname verification for the support-agreement... Moderate Unreviewed
CVE-2017-18407 was published May 24, 2022
Mailvelope prior to 3.3.0 allows private key operations without user interaction via its client... Moderate Unreviewed
CVE-2019-9149 was published May 24, 2022
The signature verification routine in the Airmail GPG-PGP Plugin, versions 1.0 (9) and earlier,... Moderate Unreviewed
CVE-2019-8338 was published May 24, 2022
A Security Bypass vulnerability exists in Ubuntu Cobbler before 2,2,2 in the cobbler-ubuntu... Moderate Unreviewed
CVE-2012-2092 was published Apr 23, 2022
It was found that apt-key in apt, all versions, do not correctly validate gpg keys with the... Moderate Unreviewed
CVE-2011-3374 was published Apr 22, 2022
Cisco 7940/7960 Voice over IP (VoIP) phones do not properly check the Call-ID, branch, and tag... Moderate Unreviewed
CVE-2005-2181 was published May 1, 2022
ChaiVM EZloader for HP color LaserJet 4500 and 4550 and HP LaserJet 4100 and 8150 does not... Moderate Unreviewed
CVE-2002-1796 was published Apr 30, 2022
Grandstream BudgeTone (BT) 100 Voice over IP (VoIP) phones do not properly check the Call-ID,... Moderate Unreviewed
CVE-2005-2182 was published May 1, 2022
Cisco IOS software 11.3 through 12.2 running on Cisco uBR7200 and uBR7100 series Universal... Moderate Unreviewed
CVE-2002-1706 was published Apr 30, 2022
A vulnerability exists in the Relion update package signature validation. A tampered update... Moderate Unreviewed
CVE-2022-3864 was published Jan 4, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database