Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,247
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

387 advisories

Loading
TYPO3 vulnerable to an Uncontrolled Resource Consumption in the ShowImageController Moderate
CVE-2024-34358 was published for typo3/cms-core (Composer) May 14, 2024
derhansen bnf
bmack
Parallels Desktop Updater Improper Verification of Cryptographic Signature Local Privilege... High Unreviewed
CVE-2023-50228 was published May 3, 2024
A fallback mechanism in code sign checking on macOS may allow arbitrary code execution. This... High Unreviewed
CVE-2024-23480 was published May 1, 2024
SimpleSAMLphp Improper Verification of Cryptographic Signature High
CVE-2018-7644 was published for simplesamlphp/saml2 (Composer) May 13, 2022
SimpleSAMLphp Signature validation bypass High
CVE-2017-18122 was published for simplesamlphp/simplesamlphp (Composer) May 14, 2022
SaltStack Improper Verification of Cryptographic Signature High
CVE-2022-22934 was published for salt (pip) Mar 30, 2022
Keycloak vulnerable to impersonation via logout token exchange Low
CVE-2023-0657 was published for org.keycloak:keycloak-services (Maven) Apr 17, 2024
Improper Verification of Cryptographic Signature in org.apache.httpcomponents:httpclient Moderate
CVE-2014-3577 was published for org.apache.httpcomponents:httpclient (Maven) Oct 17, 2018
MarkLee131
There is a digital signature verification bypass vulnerability in AR1200, AR1200-S, AR150, AR160,... Moderate Unreviewed
CVE-2019-5300 was published May 24, 2022
A flaw during verification of certain S/MIME signatures causes emails to be shown in Thunderbird... Moderate Unreviewed
CVE-2018-18509 was published May 24, 2022
The signature verification routine in install.sh in yarnpkg/website through 2018-06-05 only... Moderate Unreviewed
CVE-2018-12556 was published May 24, 2022
An Improper Verification of Cryptographic Signature vulnerability in Zscaler Client Connector on... Moderate Unreviewed
CVE-2023-28804 was published Oct 23, 2023
A vulnerability in software image verification in Cisco IOS XE Software could allow an... High Unreviewed
CVE-2020-3209 was published May 24, 2022
Secure Boot Security Feature Bypass Vulnerability High Unreviewed
CVE-2024-26194 was published Apr 9, 2024
google-oauth-java-client improperly verifies cryptographic signature High
CVE-2021-22573 was published for com.google.oauth-client:google-oauth-client (Maven) Apr 9, 2024
TimurSadykov
Duplicate Advisory: Improper Verification of Cryptographic Signature in google-oauth-java-client High
GHSA-xh97-72ww-2w58 was published for com.google.oauth-client:google-oauth-client (Maven) May 4, 2022 withdrawn
Improper Verification of Cryptographic Signature vulnerability in Zscaler Client Connector on... High Unreviewed
CVE-2023-28796 was published Oct 23, 2023
The Texas Instruments OMAP L138 (secure variants) trusted execution environment (TEE) performs an... High Unreviewed
CVE-2022-25333 was published Oct 19, 2023
The BIG-IP Edge Client Installer on macOS does not follow best practices for elevating... High Unreviewed
CVE-2023-43611 was published Oct 10, 2023
A vulnerability has been identified in QMS Automotive (All versions < V12.39). The QMS.Mobile... High Unreviewed
CVE-2023-40727 was published Sep 14, 2023
An Improper Verification of Cryptographic Signature in the SAML authentication of the Zscaler... Critical Unreviewed
CVE-2023-28801 was published Aug 31, 2023
Motorola EBTS/MBTS Base Radio fails to check firmware authenticity. The Motorola MBTS Base Radio... High Unreviewed
CVE-2023-23773 was published Aug 29, 2023
Motorola MBTS Site Controller fails to check firmware update authenticity. The Motorola MBTS Site... High Unreviewed
CVE-2023-23772 was published Aug 29, 2023
Improper verification of applications' cryptographic signatures in the /e/OS app store client App... Moderate Unreviewed
CVE-2021-43171 was published Aug 22, 2023
Vulnerability of insecure signatures in the OsuLogin module. Successful exploitation of this... High Unreviewed
CVE-2023-39392 was published Aug 13, 2023
ProTip! Advisories are also available from the GraphQL API