Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

8 advisories

Loading
Missing validation of JWT signature in `ManyDesigns/Portofino` Critical
CVE-2021-29451 was published for com.manydesigns:portofino-core (Maven) Apr 19, 2021
intrigus-lgtm Credited to intrigus-lgtm
Improper Verification of Cryptographic Signature in Apache Pulsar in TensorFlow Critical
CVE-2021-22160 was published for org.apache.pulsar:pulsar (Maven) Jun 1, 2021
Improper Verification of Cryptographic Signature in starkbank-ecdsa Critical
CVE-2021-43570 was published for com.starkbank.ellipticcurve:starkbank-ecdsa (Maven) Nov 10, 2021
tdunlap607 Credited to tdunlap607 and binary-1024 binary-1024 binary-1024
Missing certificate validation in Apache JMeter Critical
CVE-2018-1287 was published for org.apache.jmeter:ApacheJMeter (Maven) May 13, 2022
RubyGems Improper Verification of Cryptographic Signature vulnerability Critical
CVE-2018-1000076 was published for org.jruby:jruby-stdlib (RubyGems) May 14, 2022
Signature forgery in Biscuit Critical
CVE-2022-31053 was published for biscuit-auth (Go) Jun 17, 2022
avivdolev Credited to avivdolev and Churro Churro Churro
pac4j-jwt: JwtAuthenticator Authentication Bypass via JWE-Wrapped PlainJWT Critical
CVE-2026-29000 was published for org.pac4j:pac4j-jwt (Maven) Mar 5, 2026
fritzdal Credited to fritzdal
Security feature bypass vulnerability in Azure Key Vault Keys library for Java Critical
CVE-2026-33117 was published for com.azure:azure-security-keyvault-keys (Maven) May 12, 2026
scottaddie Credited to scottaddie
ProTip! Advisories are also available from the GraphQL API