GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,255
Erlang
31
GitHub Actions
21
Go
2,019
Maven
5,000+
npm
3,727
NuGet
662
pip
3,405
Pub
12
RubyGems
890
Rust
862
Swift
36
Unreviewed advisories
All unreviewed
5,000+
58 advisories
Filter by severity
Samlify vulnerable to Authentication Bypass by allowing tokens to be reused with different usernames
High
CVE-2017-1000452
was published
for
samlify
(npm)
Jan 4, 2018
In Bouncy Castle JCE Provider it is possible to inject extra elements in the sequence making up the signature and still have it validate
High
CVE-2016-1000338
was published
for
org.bouncycastle:bcprov-jdk14
(Maven)
Oct 17, 2018
In Bouncy Castle JCE Provider ECDSA does not fully validate ASN.1 encoding of signature on verification
High
CVE-2016-1000342
was published
for
org.bouncycastle:bcprov-jdk14
(Maven)
Oct 17, 2018
Signature Verification Bypass in jwt-simple
High
GHSA-8v5f-hp78-jgxq
was published
for
jwt-simple
(npm)
Jun 6, 2019
Improper Key Verification in openpgp
High
CVE-2019-9154
was published
for
openpgp
(npm)
Aug 23, 2019
Signature validation bypass in XmlSecLibs
High
CVE-2019-3465
was published
for
robrichards/xmlseclibs
(Composer)
Nov 8, 2019
Improper Verification of Cryptographic Signature in PySAML2
High
CVE-2020-5390
was published
for
pysaml2
(pip)
May 6, 2020
Signature wrapping vulnerability in Spring Security
High
CVE-2020-5407
was published
for
org.springframework.security:spring-security-core
(Maven)
Jun 5, 2020
ECDSA signature validation vulnerability by accepting wrong ASN.1 encoding in jsrsasign
High
CVE-2020-14966
was published
for
jsrsasign
(npm)
Jun 26, 2020
Regression in JWT Signature Validation
High
CVE-2020-15240
was published
for
omniauth-auth0
(RubyGems)
Nov 3, 2020
Multiple cryptographic issues in Python oic
High
CVE-2020-26244
was published
for
oic
(pip)
Dec 4, 2020
Improper Certificate Validation in phpseclib
High
CVE-2021-30130
was published
for
phpseclib/phpseclib
(Composer)
Apr 7, 2021
Improper Verification of Cryptographic Signature in golang.org/x/crypto
High
CVE-2020-9283
was published
for
golang.org/x/crypto
(Go)
May 18, 2021
Failure to properly verify ed25519 signatures in libp2p-core
High
CVE-2019-15545
was published
for
libp2p-core
(Rust)
Aug 25, 2021
Improper verification of signature threshold in tough
High
CVE-2020-15093
was published
for
tough
(Rust)
Aug 25, 2021
coreos-installer improperly verifies GPG signature when decompressing gzipped artifact
High
CVE-2021-20319
was published
for
coreos-installer
(Rust)
Oct 12, 2021
Improper Verification of Cryptographic Signature in fastecdsa
High
CVE-2020-12607
was published
for
fastecdsa
(pip)
Oct 12, 2021
Signature verification vulnerability in Stark Bank ecdsa libraries
High
GHSA-9wx7-jrvc-28mm
was published
for
com.starkbank:ecdsa-java
(Maven)
Nov 8, 2021
Execution Control List (ECL) Is Insecure in Singularity
High
CVE-2020-13845
was published
for
github.com/sylabs/singularity
(Go)
Dec 20, 2021
Pac4j token validation bypass if OpenID Connect provider supports none algorithm
High
CVE-2021-44878
was published
for
org.pac4j:pac4j-oidc
(Maven)
Jan 8, 2022
Failure to validate signature during handshake
High
CVE-2022-24759
was published
for
@chainsafe/libp2p-noise
(npm)
Mar 18, 2022
Improper Verification of Cryptographic Signature in node-forge
High
CVE-2022-24771
was published
for
node-forge
(npm)
Mar 18, 2022
Improper Verification of Cryptographic Signature in node-forge
High
CVE-2022-24772
was published
for
node-forge
(npm)
Mar 18, 2022
SaltStack Improper Verification of Cryptographic Signature
High
CVE-2022-22934
was published
for
salt
(pip)
Mar 30, 2022
ProTip!
Advisories are also available from the
GraphQL API