Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

415 advisories

Loading
Failure to properly verify ed25519 signatures in libp2p-core High
CVE-2019-15545 was published for libp2p-core (Rust) Aug 25, 2021
HTTPS MitM vulnerability due to lack of hostname verification Moderate
CVE-2016-10932 was published for hyper (Rust) Aug 25, 2021
tdunlap607
Utils.readChallengeTx does not verify the server account signature Moderate
CVE-2021-32738 was published for stellar-sdk (npm) Jul 2, 2021
leighmcculloch
Improper Verification of Cryptographic Signature Critical
GHSA-7r96-8g3x-g36m was published for tenvoy (npm) Jun 28, 2021
Improper Verification of Cryptographic Signature Critical
CVE-2021-32685 was published for tenvoy (npm) Jun 21, 2021
Improper Verification of Cryptographic Signature in Apache Pulsar in TensorFlow Critical
CVE-2021-22160 was published for org.apache.pulsar:pulsar (Maven) Jun 1, 2021
Improper Verification of Cryptographic Signature in aws-encryption-sdk-javascript Moderate
GHSA-h45p-w933-jxh3 was published for @aws-crypto/client-browser (npm) Jun 1, 2021
Improper Verification of Cryptographic Signature in aws-encryption-sdk-cli Moderate
GHSA-89v2-g37m-g3ff was published for aws-encryption-sdk-cli (pip) Jun 1, 2021
Improper Verification of Cryptographic Signature in aws-encryption-sdk Moderate
GHSA-x5h4-9gqw-942j was published for aws-encryption-sdk (pip) Jun 1, 2021
Improper Verification of Cryptographic Signature in aws-encryption-sdk-java Moderate
GHSA-55xh-53m6-936r was published for com.amazonaws:aws-encryption-sdk-java (Maven) Jun 1, 2021
Signature Validation Bypass Critical
GHSA-5684-g483-2249 was published for github.com/russellhaering/gosaml2 (Go) May 24, 2021
jupenur
Signature Validation Bypass Critical
GHSA-rrfw-hg9m-j47h was published for github.com/russellhaering/goxmldsig (Go) May 24, 2021
jupenur russellhaering
github.com/russellhaering/goxmldsig vulnerable to Signature Validation Bypass Moderate
CVE-2020-15216 was published for github.com/russellhaering/goxmldsig (Go) May 24, 2021
jupenur
BLS Signature "Malleability" Moderate
CVE-2021-21405 was published for github.com/filecoin-project/lotus (Go) May 21, 2021
Improper Verification of Cryptographic Signature in golang.org/x/crypto High
CVE-2020-9283 was published for golang.org/x/crypto (Go) May 18, 2021
Improper Verification of Cryptographic Signature in ansible Moderate
CVE-2020-14365 was published for ansible (pip) Apr 20, 2021
Missing validation of JWT signature in `ManyDesigns/Portofino` Critical
CVE-2021-29451 was published for com.manydesigns:portofino-core (Maven) Apr 19, 2021
intrigus-lgtm
RSA signature validation vulnerability on maleable encoded message in jsrsasign Critical
CVE-2021-30246 was published for jsrsasign (npm) Apr 16, 2021
Improper Certificate Validation in phpseclib High
CVE-2021-30130 was published for phpseclib/phpseclib (Composer) Apr 7, 2021
Improper Verification of Cryptographic Signature in PySAML2 Moderate
CVE-2021-21239 was published for pysaml2 (pip) Jan 21, 2021
bawolff
SAML XML Signature wrapping in PySAML2 Moderate
CVE-2021-21238 was published for pysaml2 (pip) Jan 21, 2021
VictorSG
Signature validation bypass in ServiceStack Moderate
CVE-2020-28042 was published for ServiceStack (NuGet) Jan 13, 2021
Multiple cryptographic issues in Python oic High
CVE-2020-26244 was published for oic (pip) Dec 4, 2020
F3r0C17Y mladevbb
CheariX
Regression in JWT Signature Validation High
CVE-2020-15240 was published for omniauth-auth0 (RubyGems) Nov 3, 2020
Incorrect threshold signature computation in TUF Critical
CVE-2020-6174 was published for tuf (pip) Aug 21, 2020
ProTip! Advisories are also available from the GraphQL API