Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,343
Erlang
31
GitHub Actions
22
Go
2,107
Maven
5,000+
npm
3,764
NuGet
679
pip
3,452
Pub
12
RubyGems
892
Rust
886
Swift
37
Unreviewed advisories
All unreviewed
5,000+

161 advisories

Loading
Cargo did not verify SSH host keys Moderate
CVE-2022-46176 was published for cargo (Rust) Jan 10, 2023
go-saml's XML Digital Signatures use SHA-1 Moderate
CVE-2020-36563 was published for github.com/RobotsAndPencils/go-saml (Go) Dec 28, 2022
jsonwebtoken vulnerable to signature validation bypass due to insecure default algorithm in jwt.verify() Moderate
CVE-2022-23540 was published for jsonwebtoken (npm) Dec 22, 2022
An unprotected memory-access operation in optee_os in TrustedFirmware Open Portable Trusted... Moderate Unreviewed
CVE-2022-47549 was published Dec 19, 2022
Tendermint light client verification not taking into account chain ID Moderate
CVE-2022-23507 was published for tendermint-light-client (Rust) Dec 14, 2022
hu55a1n1 mzabaluev
plafer
A vulnerability in the software image verification functionality of Cisco IOS XE Software for... Moderate Unreviewed
CVE-2022-20944 was published Oct 11, 2022
An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x... Moderate Unreviewed
CVE-2022-42010 was published Oct 10, 2022
SIF's Digital Signature Hash Algorithms Not Validated Moderate
CVE-2022-39237 was published for github.com/sylabs/sif/v2 (Go) Oct 6, 2022
tri-adam
Cosign bundle can be crafted to successfully verify a blob even if the embedded rekorBundle does not reference the given signature Moderate
CVE-2022-36056 was published for github.com/sigstore/cosign (Go) Sep 16, 2022
codysoyland asraa
haydentherapper
Possible authentication bypass due to improper order of signature verification and hashing in the... Moderate Unreviewed
CVE-2021-35113 was published Sep 3, 2022
Possible authentication bypass due to improper order of signature verification and hashing in the... Moderate Unreviewed
CVE-2021-35097 was published Sep 3, 2022
Foxit PDF Reader before 11.1 and PDF Editor before 11.1, and PhantomPDF before 10.1.6, mishandle... Moderate Unreviewed
CVE-2021-40326 was published Aug 29, 2022
There is a flaw in RPM's signature functionality. OpenPGP subkeys are associated with a primary... Moderate Unreviewed
CVE-2021-3521 was published Aug 23, 2022
Emerson Electric's Proficy Machine Edition Version 9.00 and prior is vulenrable to CWE-347... Moderate Unreviewed
CVE-2022-2790 was published Aug 20, 2022
This issue was addressed by verifying host keys when connecting to a previously-known SSH server.... Moderate Unreviewed
CVE-2019-8901 was published May 24, 2022
Improper verification of cryptographic signature in the installer for some Intel(R) Wireless... Moderate Unreviewed
CVE-2021-0152 was published May 24, 2022
Lack of email address ownership verification in the CODEOWNERS feature in all versions of GitLab... Moderate Unreviewed
CVE-2021-39909 was published May 24, 2022
It is possible for an attacker to manipulate the timestamp of signed documents. All versions of... Moderate Unreviewed
CVE-2021-41831 was published May 24, 2022
Multiple vulnerabilities in image verification checks of Cisco Network Convergence System (NCS)... Moderate Unreviewed
CVE-2021-34709 was published May 24, 2022
Thunderbird did not check if the user ID associated with an OpenPGP key has a valid self... Moderate Unreviewed
CVE-2021-23992 was published May 24, 2022
A flaw was found in the RPM package in the read functionality. This flaw allows an attacker who... Moderate Unreviewed
CVE-2021-3421 was published May 24, 2022
SAP HANA Database, versions - 1.0, 2.0, accepts SAML tokens with MD5 digest, an attacker who... Moderate Unreviewed
CVE-2021-21474 was published May 24, 2022
Multiple vulnerabilities in Cisco Network Convergence System (NCS) 540 Series Routers, only when... Moderate Unreviewed
CVE-2021-1136 was published May 24, 2022
Multiple vulnerabilities in Cisco Network Convergence System (NCS) 540 Series Routers, only when... Moderate Unreviewed
CVE-2021-1244 was published May 24, 2022
The Portable Document Format (PDF) specification does not provide any information regarding the... Moderate Unreviewed
CVE-2018-18689 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database