Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
45
GitHub Actions
47
Go
3,309
Maven
5,000+
npm
5,000+
NuGet
876
pip
4,531
Pub
12
RubyGems
1,009
Rust
1,195
Swift
51
Unreviewed advisories
All unreviewed
5,000+

11 advisories

Loading
In Bouncy Castle JCE Provider it is possible to inject extra elements in the sequence making up the signature and still have it validate High
CVE-2016-1000338 was published for org.bouncycastle:bcprov-jdk14 (Maven) Oct 17, 2018
AndrzejBiernacki2010 Credited to AndrzejBiernacki2010 and SunBK201 SunBK201 SunBK201
In Bouncy Castle JCE Provider ECDSA does not fully validate ASN.1 encoding of signature on verification High
CVE-2016-1000342 was published for org.bouncycastle:bcprov-jdk14 (Maven) Oct 17, 2018
AndrzejBiernacki2010 Credited to AndrzejBiernacki2010
In Bouncy Castle JCE Provider the DSA key pair generator generates a weak private key if used with default values High
CVE-2016-1000343 was published for org.bouncycastle:bcprov-jdk14 (Maven) Oct 17, 2018
AndrzejBiernacki2010 Credited to AndrzejBiernacki2010
In Bouncy Castle JCE Provider the ECIES implementation allowed the use of ECB mode High
CVE-2016-1000352 was published for org.bouncycastle:bcprov-jdk14 (Maven) Oct 17, 2018
AndrzejBiernacki2010 Credited to AndrzejBiernacki2010
In Bouncy Castle JCE Provider the DHIES implementation allowed the use of ECB mode High
CVE-2016-1000344 was published for org.bouncycastle:bcprov-jdk14 (Maven) Oct 18, 2018
AndrzejBiernacki2010 Credited to AndrzejBiernacki2010
Code injection in Apache Ant High
CVE-2020-11979 was published for org.apache.ant:ant (Maven) Feb 3, 2021
cpropps-sysdig Credited to cpropps-sysdig and AndrzejBiernacki2010 AndrzejBiernacki2010 AndrzejBiernacki2010
XML External Entity (XXE) Injection in JDOM High
CVE-2021-33813 was published for org.jdom:jdom (Maven) Jul 27, 2021
paradoxengine Credited to paradoxengine and AndrzejBiernacki2010 AndrzejBiernacki2010 AndrzejBiernacki2010
Improper Restriction of XML External Entity Reference in iText High
CVE-2017-9096 was published for com.itextpdf:itextpdf (Maven) May 13, 2022
AndrzejBiernacki2010 Credited to AndrzejBiernacki2010
Untrusted code execution in Apache XML Graphics Batik High
CVE-2022-42890 was published for org.apache.xmlgraphics:batik (Maven) Oct 25, 2022
AndrzejBiernacki2010 Credited to AndrzejBiernacki2010
Apache XML Graphics Batik vulnerable to code execution via SVG. High
CVE-2022-41704 was published for org.apache.xmlgraphics:batik (Maven) Oct 25, 2022
AndrzejBiernacki2010 Credited to AndrzejBiernacki2010
Apache Log4j 1.x (EOL) allows Denial of Service (DoS) High
CVE-2023-26464 was published for log4j:log4j (Maven) Mar 10, 2023
jw123023 Credited to jw123023 and AndrzejBiernacki2010 AndrzejBiernacki2010 AndrzejBiernacki2010
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database