GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
28 advisories
An improper verification of cryptographic signature vulnerability in plugin management in iota C...
Critical | Unreviewed | CVE-2024-52958 was published Nov 27, 2024

An improper verification of cryptographic signature vulnerability was identified in GitHub...
Critical | Unreviewed | CVE-2024-9487 was published Oct 11, 2024

An XML signature wrapping vulnerability was present in GitHub Enterprise Server (GHES) when...
Critical | Unreviewed | CVE-2024-6800 was published Aug 20, 2024

There is a possible escalation of privilege due to improperly used crypto. This could lead to...
Critical | Unreviewed | CVE-2024-32911 was published Jun 13, 2024

Improper verification of cryptographic signature issue exists in "FreeFrom - the nostr client"...
Critical | Unreviewed | CVE-2024-36277 was published Jun 17, 2024

An Improper Verification of Cryptographic Signature in the SAML authentication of the Zscaler...
Critical | Unreviewed | CVE-2023-28801 was published Aug 31, 2023

perl-CRYPT-JWT 0.022 and earlier is affected by: Incorrect Access Control. The impact is: bypass...
Critical | Unreviewed | CVE-2019-1010161 was published May 24, 2022

Perl Crypt::JWT prior to 0.023 is affected by: Incorrect Access Control. The impact is: allow...
Critical | Unreviewed | CVE-2019-1010263 was published May 24, 2022

The cryptographic code signing process and controls on ConnectWise Control through 22.9.10032 ...
Critical | Unreviewed | CVE-2023-25718 was published Feb 13, 2023

Studio Network Solutions ShareBrowser before 7.0 on macOS mishandles signature verification, aka...
Critical | Unreviewed | CVE-2023-44077 was published Jan 17, 2024

A vulnerability exists in Rockwell Automation FactoryTalk® Service Platform that allows a...
Critical | Unreviewed | CVE-2024-21917 was published Jan 31, 2024

An Improper Verification of Cryptographic Signature vulnerability in the update process of...
Critical | Unreviewed | CVE-2023-5347 was published Jan 9, 2024

Western Digital My Cloud devices before OS5 do not use cryptographically signed Firmware upgrade...
Critical | Unreviewed | CVE-2021-36226 was published Feb 6, 2023

The Robot application in Ip-label Newtest before v8.5R0 was discovered to use weak signature...
Critical | Unreviewed | CVE-2022-23334 was published Jan 30, 2023

In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Automobile, Snapdragon...
Critical | Unreviewed | CVE-2017-18146 was published May 14, 2022

The installer for BitDefender GravityZone relies on an encoded string in a filename to determine...
Critical | Unreviewed | CVE-2018-8955 was published May 14, 2022

In HP LaserJet Enterprise, HP PageWide Enterprise, HP LaserJet Managed, and HP OfficeJet...
Critical | Unreviewed | CVE-2018-5923 was published May 14, 2022

An issue was discovered in password-store.sh in pass in Simple Password Store 1.7.x before 1.7.2....
Critical | Unreviewed | CVE-2018-12356 was published May 14, 2022

An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10...
Critical | Unreviewed | CVE-2017-2423 was published May 13, 2022

GIGABYTE BRIX UEFI firmware does not cryptographically validate images prior to updating the...
Critical | Unreviewed | CVE-2017-3198 was published May 13, 2022

HP LaserJet Enterprise printers, HP PageWide Enterprise printers, HP LaserJet Managed printers,...
Critical | Unreviewed | CVE-2019-6318 was published May 13, 2022

IBM Power9 Self Boot Engine (SBE) could allow a privileged user to inject malicious code and...
Critical | Unreviewed | CVE-2021-20487 was published May 24, 2022

An improper verification of cryptographic signature vulnerability exists in the Palo Alto...
Critical | Unreviewed | CVE-2021-3033 was published May 24, 2022

Bash injection vulnerability and bypass of signature verification in Rostelecom CS-C2SHW 5.0.082...
Critical | Unreviewed | CVE-2020-27540 was published May 24, 2022

FusionAuth fusionauth-samlv2 0.2.3 allows remote attackers to forge messages and bypass...
Critical | Unreviewed | CVE-2020-12676 was published May 24, 2022