GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,239
Erlang
31
GitHub Actions
21
Go
2,007
Maven
5,000+
npm
3,716
NuGet
662
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
415 advisories
Filter by severity
Improper Verification of Cryptographic Signature in golang.org/x/crypto
High
CVE-2020-9283
was published
for
golang.org/x/crypto
(Go)
May 18, 2021
BLS Signature "Malleability"
Moderate
CVE-2021-21405
was published
for
github.com/filecoin-project/lotus
(Go)
May 21, 2021
github.com/russellhaering/goxmldsig vulnerable to Signature Validation Bypass
Moderate
CVE-2020-15216
was published
for
github.com/russellhaering/goxmldsig
(Go)
May 24, 2021
Signature Validation Bypass
Critical
GHSA-rrfw-hg9m-j47h
was published
for
github.com/russellhaering/goxmldsig
(Go)
May 24, 2021
Signature Validation Bypass
Critical
GHSA-5684-g483-2249
was published
for
github.com/russellhaering/gosaml2
(Go)
May 24, 2021
Improper Verification of Cryptographic Signature in aws-encryption-sdk-java
Moderate
GHSA-55xh-53m6-936r
was published
for
com.amazonaws:aws-encryption-sdk-java
(Maven)
Jun 1, 2021
Improper Verification of Cryptographic Signature in aws-encryption-sdk
Moderate
GHSA-x5h4-9gqw-942j
was published
for
aws-encryption-sdk
(pip)
Jun 1, 2021
Improper Verification of Cryptographic Signature in aws-encryption-sdk-cli
Moderate
GHSA-89v2-g37m-g3ff
was published
for
aws-encryption-sdk-cli
(pip)
Jun 1, 2021
Improper Verification of Cryptographic Signature in aws-encryption-sdk-javascript
Moderate
GHSA-h45p-w933-jxh3
was published
for
@aws-crypto/client-browser
(npm)
Jun 1, 2021
Improper Verification of Cryptographic Signature in Apache Pulsar in TensorFlow
Critical
CVE-2021-22160
was published
for
org.apache.pulsar:pulsar
(Maven)
Jun 1, 2021
Improper Verification of Cryptographic Signature
Critical
CVE-2021-32685
was published
for
tenvoy
(npm)
Jun 21, 2021
Improper Verification of Cryptographic Signature
Critical
GHSA-7r96-8g3x-g36m
was published
for
tenvoy
(npm)
Jun 28, 2021
Utils.readChallengeTx does not verify the server account signature
Moderate
CVE-2021-32738
was published
for
stellar-sdk
(npm)
Jul 2, 2021
HTTPS MitM vulnerability due to lack of hostname verification
Moderate
CVE-2016-10932
was published
for
hyper
(Rust)
Aug 25, 2021
Failure to properly verify ed25519 signatures in libp2p-core
High
CVE-2019-15545
was published
for
libp2p-core
(Rust)
Aug 25, 2021
Improper verification of signature threshold in tough
High
CVE-2020-15093
was published
for
tough
(Rust)
Aug 25, 2021
Inadequate Encryption Strength in showdoc
Moderate
CVE-2021-3680
was published
for
showdoc/showdoc
(Composer)
Sep 1, 2021
coreos-installer improperly verifies GPG signature when decompressing gzipped artifact
High
CVE-2021-20319
was published
for
coreos-installer
(Rust)
Oct 12, 2021
Improper Verification of Cryptographic Signature in fastecdsa
High
CVE-2020-12607
was published
for
fastecdsa
(pip)
Oct 12, 2021
Signature verification vulnerability in Stark Bank ecdsa libraries
High
GHSA-9wx7-jrvc-28mm
was published
for
com.starkbank:ecdsa-java
(Maven)
Nov 8, 2021
Improper Verification of Cryptographic Signature in starkbank-ecdsa
Critical
CVE-2021-43572
was published
for
starkbank-ecdsa
(pip)
Nov 10, 2021
Improper Verification of Cryptographic Signature in starkbank-ecdsa
Critical
CVE-2021-43570
was published
for
com.starkbank:starkbank-ecdsa
(Maven)
Nov 10, 2021
Improper Verification of Cryptographic Signature in starkbank-ecdsa
Critical
CVE-2021-43569
was published
for
starkbank-ecdsa
(NuGet)
Nov 10, 2021
Improper Verification of Cryptographic Signature in starkbank-ecdsa
Critical
CVE-2021-43571
was published
for
starkbank-ecdsa
(npm)
Nov 10, 2021
ProTip!
Advisories are also available from the
GraphQL API