GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,247
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
387 advisories
Filter by severity
Shibboleth XMLTooling-C before 1.6.4, as used in Shibboleth Service Provider before 2.6.1.4 on...
Moderate
Unreviewed
CVE-2018-0489
was published
May 14, 2022
SimpleSAMLphp saml2 incorrect signature validation
High
CVE-2018-7711
was published
for
simplesamlphp/saml2
(Composer)
May 14, 2022
Docker Notary Signature Algorithm Not Matched to Key vulnerability
High
CVE-2015-9258
was published
for
github.com/docker/notary
(Go)
May 14, 2022
In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Automobile, Snapdragon...
Critical
Unreviewed
CVE-2017-18146
was published
May 14, 2022
Hyperledger Iroha versions v1.0_beta and v1.0.0_beta-1 are vulnerable to transaction and block...
High
Unreviewed
CVE-2018-3756
was published
May 14, 2022
An issue was discovered in Carbon Black Cb Response. A maliciously crafted Universal/fat binary...
Moderate
Unreviewed
CVE-2018-10407
was published
May 14, 2022
In sig_verify() in x509.c in axTLS version 2.1.3 and before, the PKCS#1 v1.5 signature...
Moderate
Unreviewed
CVE-2018-16253
was published
May 14, 2022
In sig_verify() in x509.c in axTLS version 2.1.3 and before, the PKCS#1 v1.5 signature...
Moderate
Unreviewed
CVE-2018-16150
was published
May 14, 2022
In verify_signed_hash() in lib/liboswkeys/signatures.c in Openswan before 2.6.50.1, the RSA...
High
Unreviewed
CVE-2018-15836
was published
May 14, 2022
The mirror:// method implementation in Advanced Package Tool (APT) 1.6.x before 1.6.4 and 1.7.x...
Moderate
Unreviewed
CVE-2018-0501
was published
May 14, 2022
The installer for BitDefender GravityZone relies on an encoded string in a filename to determine...
Critical
Unreviewed
CVE-2018-8955
was published
May 14, 2022
In sig_verify() in x509.c in axTLS version 2.1.3 and before, the PKCS#1 v1.5 signature...
Moderate
Unreviewed
CVE-2018-16149
was published
May 14, 2022
A vulnerability in the update mechanism of Subaru StarLink Harman head units 2017, 2018, and 2019...
Moderate
Unreviewed
CVE-2018-18203
was published
May 14, 2022
In HP LaserJet Enterprise, HP PageWide Enterprise, HP LaserJet Managed, and HP OfficeJet...
Critical
Unreviewed
CVE-2018-5923
was published
May 14, 2022
SimpleSAMLphp Signature validation bypass
High
CVE-2017-18122
was published
for
simplesamlphp/simplesamlphp
(Composer)
May 14, 2022
An issue was discovered in Enigmail before 1.9.9. In a variant of CVE-2017-17847, signature...
High
Unreviewed
CVE-2017-17848
was published
May 14, 2022
An issue was discovered in password-store.sh in pass in Simple Password Store 1.7.x before 1.7.2....
Critical
Unreviewed
CVE-2018-12356
was published
May 14, 2022
Enigmail before 2.0.6 is prone to to OpenPGP signatures being spoofed for arbitrary messages...
Moderate
Unreviewed
CVE-2018-15586
was published
May 14, 2022
The signature verification routine in Enigmail before 2.0.7 interprets user ids as status/control...
High
Unreviewed
CVE-2018-12019
was published
May 14, 2022
RubyGems Improper Verification of Cryptographic Signature vulnerability
Critical
CVE-2018-1000076
was published
for
org.jruby:jruby-stdlib
(RubyGems)
May 14, 2022
GNOME Evolution through 3.28.2 is prone to OpenPGP signatures being spoofed for arbitrary...
Moderate
Unreviewed
CVE-2018-15587
was published
May 14, 2022
SimpleSAMLphp Improper Verification of Cryptographic Signature
High
CVE-2018-7644
was published
for
simplesamlphp/saml2
(Composer)
May 13, 2022
Bluetooth firmware or operating system software drivers in macOS versions before 10.13, High...
Moderate
Unreviewed
CVE-2018-5383
was published
May 13, 2022
The Linux kernel, as used in Ubuntu 18.10 and when booted with UEFI Secure Boot enabled, allows...
High
Unreviewed
CVE-2018-18653
was published
May 13, 2022
Matrix Synapse Improper Signature Validation
High
CVE-2018-16515
was published
for
matrix-synapse
(pip)
May 13, 2022
ProTip!
Advisories are also available from the
GraphQL API