GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,248
Erlang
31
GitHub Actions
21
Go
2,016
Maven
5,000+
npm
3,721
NuGet
662
pip
3,400
Pub
11
RubyGems
890
Rust
852
Swift
36
Unreviewed advisories
All unreviewed
5,000+
58 advisories
Filter by severity
Signature forgery in Spring Boot's Loader
High
CVE-2024-38807
was published
for
org.springframework.boot:spring-boot-loader
(Maven)
Aug 23, 2024
Grafana Plugin signature bypass
High
CVE-2022-31123
was published
for
github.com/grafana/grafana
(Go)
May 14, 2024
Laravel Reverb Missing API Signature Verification
High
CVE-2024-50347
was published
for
laravel/reverb
(Composer)
Oct 31, 2024
SaltStack Improper Verification of Cryptographic Signature
High
CVE-2022-22934
was published
for
salt
(pip)
Mar 30, 2022
Improper Verification of Cryptographic Signature in PySAML2
High
CVE-2020-5390
was published
for
pysaml2
(pip)
May 6, 2020
Agent Dart is missing certificate verification checks
High
CVE-2024-48915
was published
for
agent_dart
(Pub)
Oct 15, 2024
Improper Verification of SAML Responses Leading to Privilege Escalation in Keycloak
High
GHSA-xgfv-xpx8-qhcr
was published
for
org.keycloak:keycloak-saml-core
(Maven)
Oct 14, 2024
Multiple cryptographic issues in Python oic
High
CVE-2020-26244
was published
for
oic
(pip)
Dec 4, 2020
SimpleGeo python-oauth2 does not check the nonce allowing replay attacks
High
CVE-2013-4346
was published
for
oauth2
(pip)
May 17, 2022
Improper Verification of Cryptographic Signature in matrix-synapse
High
CVE-2019-18835
was published
for
matrix-synapse
(pip)
May 24, 2022
Improper Verification of Cryptographic Signature in fastecdsa
High
CVE-2020-12607
was published
for
fastecdsa
(pip)
Oct 12, 2021
Gentoo Portage missing PGP validation of executed code
High
CVE-2016-20021
was published
for
portage
(pip)
Jan 12, 2024
Hyperledger Indy's update process of a DID does not check who signs the request
High
CVE-2020-11093
was published
for
indy-node
(pip)
Aug 30, 2024
In Bouncy Castle JCE Provider it is possible to inject extra elements in the sequence making up the signature and still have it validate
High
CVE-2016-1000338
was published
for
org.bouncycastle:bcprov-jdk14
(Maven)
Oct 17, 2018
Authlib has algorithm confusion with asymmetric public keys
High
CVE-2024-37568
was published
for
authlib
(pip)
Jun 9, 2024
SimpleSAMLphp Improper Verification of Cryptographic Signature
High
CVE-2018-7644
was published
for
simplesamlphp/saml2
(Composer)
May 13, 2022
SimpleSAMLphp Signature validation bypass
High
CVE-2017-18122
was published
for
simplesamlphp/simplesamlphp
(Composer)
May 14, 2022
google-oauth-java-client improperly verifies cryptographic signature
High
CVE-2021-22573
was published
for
com.google.oauth-client:google-oauth-client
(Maven)
Apr 9, 2024
Duplicate Advisory: Improper Verification of Cryptographic Signature in google-oauth-java-client
High
GHSA-xh97-72ww-2w58
was published
for
com.google.oauth-client:google-oauth-client
(Maven)
May 4, 2022
•
withdrawn
browserify-sign upper bound check issue in `dsaVerify` leads to a signature forgery attack
High
CVE-2023-46234
was published
for
browserify-sign
(npm)
Oct 26, 2023
Improper Certificate Validation in phpseclib
High
CVE-2021-30130
was published
for
phpseclib/phpseclib
(Composer)
Apr 7, 2021
SimpleSAMLphp saml2 incorrect signature validation
High
CVE-2018-7711
was published
for
simplesamlphp/saml2
(Composer)
May 14, 2022
Signature validation bypass in XmlSecLibs
High
CVE-2019-3465
was published
for
robrichards/xmlseclibs
(Composer)
Nov 8, 2019
go-resolver's DNSSEC validation not performed correctly
High
CVE-2022-3347
was published
for
github.com/peterzen/goresolver
(Go)
Dec 28, 2022
free5GC udm vulnerable to Invalid Curve Attack
High
CVE-2023-46324
was published
for
github.com/free5gc/udm
(Go)
Oct 23, 2023
ProTip!
Advisories are also available from the
GraphQL API