Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,189
Erlang
31
GitHub Actions
19
Go
1,985
Maven
5,000+
npm
3,701
NuGet
657
pip
3,326
Pub
11
RubyGems
882
Rust
836
Swift
35
Unreviewed advisories
All unreviewed
5,000+

407 advisories

Loading
Signature forgery in Spring Boot's Loader Moderate
CVE-2024-38807 was published for org.springframework.boot:spring-boot-loader (Maven) Aug 23, 2024
In Bouncy Castle JCE Provider it is possible to inject extra elements in the sequence making up the signature and still have it validate High
CVE-2016-1000338 was published for org.bouncycastle:bcprov-jdk14 (Maven) Oct 17, 2018
AndrzejBiernacki2010 SunBK201
Hyperledger Indy's update process of a DID does not check who signs the request High
CVE-2020-11093 was published for indy-node (pip) Aug 30, 2024
alexandredeleze
Adyen APIs Library for Python timing attack vulnerability Moderate
GHSA-f3q4-ggfp-jv34 was published for Adyen (pip) Aug 30, 2024
Gentoo Portage missing PGP validation of executed code High
CVE-2016-20021 was published for portage (pip) Jan 12, 2024
An issue in D-Link COVR 1100, 1102, 1103 AC1200 Dual-Band Whole-Home Mesh Wi-Fi System (Hardware... High Unreviewed
CVE-2023-52043 was published Apr 4, 2024
Improper Verification of Cryptographic Signature in ansible High
CVE-2020-14365 was published for ansible (pip) Apr 20, 2021
There is a possible escalation of privilege due to improperly used crypto. This could lead to... Critical Unreviewed
CVE-2024-32911 was published Jun 13, 2024
Improper Verification of Cryptographic Signature in aws-encryption-sdk-java Moderate
CVE-2024-23680 was published for com.amazonaws:aws-encryption-sdk-java (Maven) Jan 19, 2024
oscerd
whatsapp-api-js fails to validate message's signature Moderate
CVE-2024-45607 was published for whatsapp-api-js (npm) Sep 12, 2024
Archive spoofing vulnerability in borgbackup Moderate
CVE-2023-36811 was published for borgbackup (pip) Aug 30, 2023
ThomasWaldmann
SAML authentication bypass via Incorrect XPath selector Critical
CVE-2024-45409 was published for ruby-saml (RubyGems) Sep 10, 2024
ahacker1-securesaml
Incorrect signature verification in django-ses Moderate
CVE-2023-33185 was published for django-ses (pip) May 22, 2023
josephsurin
Improper Verification of Cryptographic Signature in django-rest-registration Critical
CVE-2019-13177 was published for django-rest-registration (pip) Jul 2, 2019
peterthomassen
Improper Digital Signature Invalidation  vulnerability in Zip Repair Mode of The Document... High Unreviewed
CVE-2024-7788 was published Sep 17, 2024
druid-pac4j, Apache Druid extension, has Padding Oracle vulnerability Low
CVE-2024-45384 was published for org.apache.druid.extensions:druid-pac4j (Maven) Sep 17, 2024
omniauth-saml vulnerable to Improper Verification of Cryptographic Signature Critical
GHSA-cvp8-5r8g-fhvq was published for omniauth-saml (RubyGems) Sep 11, 2024
ahacker1-securesaml suprnova32
rajiv bufferoverflow
Improper privilege management in Zoom for Windows, Zoom Rooms for Windows, and Zoom VDI for... High Unreviewed
CVE-2023-34120 was published Jun 13, 2023
Improper privilege management in the installer for Zoom Desktop Client for Windows before version... Moderate Unreviewed
CVE-2024-24694 was published Apr 9, 2024
Improper privilege management in the installer for Zoom Desktop Client for macOS before version 5... Moderate Unreviewed
CVE-2024-27247 was published Apr 9, 2024
Insufficient verification of data authenticity in the installer for Zoom Workplace VDI App for... Moderate Unreviewed
CVE-2024-27244 was published May 15, 2024
Improper authentication in some Zoom clients before version 5.16.5 may allow an authenticated... Moderate Unreviewed
CVE-2023-49646 was published Dec 14, 2023
Improper Verification of Cryptographic Signature in Pure-Python ECDSA Critical
CVE-2019-14859 was published for ecdsa (pip) Apr 1, 2020
Improper Verification of Cryptographic Signature in fastecdsa High
CVE-2020-12607 was published for fastecdsa (pip) Oct 12, 2021
Improper Verification of Cryptographic Signature in matrix-synapse High
CVE-2019-18835 was published for matrix-synapse (pip) May 24, 2022
westonsteimel
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database