GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,077
Erlang: 29
GitHub Actions: 19
Go: 1,903
Maven: 5,000+
npm: 3,632
NuGet: 638
pip: 3,247
Pub: 10
RubyGems: 864
Rust: 818
Swift: 35
Unreviewed advisories
All unreviewed: 5,000+
387 advisories
In Eclipse Californium version 2.0.0 to 2.6.4 and 3.0.0-M1 to 3.0.0-M3, the certificate based ...
High | Unreviewed | CVE-2021-34433 was published May 24, 2022
A vulnerability in the image verification function of Cisco Expressway Series and Cisco...
High | Unreviewed | CVE-2021-34715 was published May 24, 2022
PolicyController before 0.2.1 may bypass attestation verification
High | CVE-2022-35930 was published for github.com/sigstore/policy-controller (Go) Aug 10, 2022
cosign's `cosign verify-attestation --type` can report a false positive if any attestation exists
High | CVE-2022-35929 was published for github.com/sigstore/cosign (Go) Aug 10, 2022
A CWE-347: Improper Verification of Cryptographic Signature vulnerability exists in EVlink City ...
High | Unreviewed | CVE-2021-22708 was published May 24, 2022
Thunderbird did not check if the user ID associated with an OpenPGP key has a valid self...
Moderate | Unreviewed | CVE-2021-23992 was published May 24, 2022
Improper Verification of Cryptographic Signature vulnerability exists in homeLYnk (Wiser For KNX)...
High | Unreviewed | CVE-2021-22735 was published May 24, 2022
A flaw was found in the RPM package in the read functionality. This flaw allows an attacker who...
Moderate | Unreviewed | CVE-2021-3421 was published May 24, 2022
A CWE-347: Improper Verification of Cryptographic Signature vulnerability exists in the...
High | Unreviewed | CVE-2022-41669 was published Nov 4, 2022
An issue was discovered in Hitachi ID Bravura Security Fabric 11.0.0 through 11.1.3, 12.0.0...
High | Unreviewed | CVE-2021-3196 was published May 24, 2022
Multiple vulnerabilities in the fast reload feature of Cisco IOS XE Software running on Cisco...
High | Unreviewed | CVE-2021-1376 was published May 24, 2022
Lasso all versions prior to 2.7.0 has improper verification of a cryptographic signature.
High | Unreviewed | CVE-2021-28091 was published May 24, 2022
Improper Verification of Cryptographic Signature in Apache Pulsar in TensorFlow
Critical | CVE-2021-22160 was published for org.apache.pulsar:pulsar (Maven) Jun 1, 2021
Inadequate Encryption Strength in showdoc
Moderate | CVE-2021-3680 was published for showdoc/showdoc (Composer) Sep 1, 2021
Improper Verification of Cryptographic Signature vulnerability exists in homeLYnk (Wiser For KNX)...
High | Unreviewed | CVE-2021-22734 was published May 24, 2022
IBM Power9 Self Boot Engine(SBE) could allow a privileged user to inject malicious code and...
Critical | Unreviewed | CVE-2021-20487 was published May 24, 2022
A flaw was found in libdnf's signature verification functionality in versions before 0.60.1. This...
High | Unreviewed | CVE-2021-3445 was published May 24, 2022
SOGo 2.x before 2.4.1 and 3.x through 5.x before 5.1.1 does not validate the signatures of any...
High | Unreviewed | CVE-2021-33054 was published May 24, 2022
Union Pay up to 3.3.12, for iOS mobile apps, contains a CWE-347: Improper Verification of...
High | Unreviewed | CVE-2020-36285 was published May 24, 2022
Multiple vulnerabilities in the fast reload feature of Cisco IOS XE Software running on Cisco...
High | Unreviewed | CVE-2021-1375 was published May 24, 2022
Possible authentication bypass due to improper order of signature verification and hashing in the...
Moderate | Unreviewed | CVE-2021-35097 was published Sep 3, 2022
The Portable Document Format (PDF) specification does not provide any information regarding the...
Moderate | Unreviewed | CVE-2018-18688 was published May 24, 2022
Union Pay up to 3.4.93.4.9, for android, contains a CWE-347: Improper Verification of...
High | Unreviewed | CVE-2020-36284 was published May 24, 2022
A vulnerability in the software image verification functionality of Cisco IOS XE Software for the...
High | Unreviewed | CVE-2021-1453 was published May 24, 2022
An improper verification of cryptographic signature vulnerability exists in the Palo Alto...
Critical | Unreviewed | CVE-2021-3033 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API.