Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,902
Maven
5,000+
npm
3,631
NuGet
638
pip
3,246
Pub
10
RubyGems
863
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

383 advisories

Loading
Keycloak SAML signature validation flaw High
CVE-2024-8698 was published for org.keycloak:keycloak-saml-core (Maven) Sep 19, 2024
Improper privilege management in Zoom for Windows, Zoom Rooms for Windows, and Zoom VDI for... High Unreviewed
CVE-2023-34120 was published Jun 13, 2023
omniauth-saml vulnerable to Improper Verification of Cryptographic Signature Critical
GHSA-cvp8-5r8g-fhvq was published for omniauth-saml (RubyGems) Sep 11, 2024
ahacker1-securesaml suprnova32
rajiv bufferoverflow
druid-pac4j, Apache Druid extension, has Padding Oracle vulnerability Low
CVE-2024-45384 was published for org.apache.druid.extensions:druid-pac4j (Maven) Sep 17, 2024
Improper Digital Signature Invalidation  vulnerability in Zip Repair Mode of The Document... High Unreviewed
CVE-2024-7788 was published Sep 17, 2024
Improper Verification of Cryptographic Signature in django-rest-registration Critical
CVE-2019-13177 was published for django-rest-registration (pip) Jul 2, 2019
peterthomassen
Incorrect signature verification in django-ses Moderate
CVE-2023-33185 was published for django-ses (pip) May 22, 2023
josephsurin
SAML authentication bypass via Incorrect XPath selector Critical
CVE-2024-45409 was published for ruby-saml (RubyGems) Sep 10, 2024
ahacker1-securesaml
Archive spoofing vulnerability in borgbackup Moderate
CVE-2023-36811 was published for borgbackup (pip) Aug 30, 2023
ThomasWaldmann
whatsapp-api-js fails to validate message's signature Moderate
CVE-2024-45607 was published for whatsapp-api-js (npm) Sep 12, 2024
Improper Verification of Cryptographic Signature in aws-encryption-sdk-java Moderate
CVE-2024-23680 was published for com.amazonaws:aws-encryption-sdk-java (Maven) Jan 19, 2024
oscerd
There is a possible escalation of privilege due to improperly used crypto. This could lead to... Critical Unreviewed
CVE-2024-32911 was published Jun 13, 2024
Improper Verification of Cryptographic Signature in ansible High
CVE-2020-14365 was published for ansible (pip) Apr 20, 2021
An issue in D-Link COVR 1100, 1102, 1103 AC1200 Dual-Band Whole-Home Mesh Wi-Fi System (Hardware... High Unreviewed
CVE-2023-52043 was published Apr 4, 2024
Gentoo Portage missing PGP validation of executed code High
CVE-2016-20021 was published for portage (pip) Jan 12, 2024
Adyen APIs Library for Python timing attack vulnerability Moderate
GHSA-f3q4-ggfp-jv34 was published for Adyen (pip) Aug 30, 2024
Hyperledger Indy's update process of a DID does not check who signs the request High
CVE-2020-11093 was published for indy-node (pip) Aug 30, 2024
alexandredeleze
In Bouncy Castle JCE Provider it is possible to inject extra elements in the sequence making up the signature and still have it validate High
CVE-2016-1000338 was published for org.bouncycastle:bcprov-jdk14 (Maven) Oct 17, 2018
AndrzejBiernacki2010 SunBK201
Signature forgery in Spring Boot's Loader Moderate
CVE-2024-38807 was published for org.springframework.boot:spring-boot-loader (Maven) Aug 23, 2024
An XML signature wrapping vulnerability was present in GitHub Enterprise Server (GHES) when... Critical Unreviewed
CVE-2024-6800 was published Aug 20, 2024
Authlib has algorithm confusion with asymmetric public keys High
CVE-2024-37568 was published for authlib (pip) Jun 9, 2024
Elliptic's EDDSA missing signature length check Low
CVE-2024-42459 was published for elliptic (npm) Aug 2, 2024
BlazingWizard
Elliptic allows BER-encoded signatures Low
CVE-2024-42461 was published for elliptic (npm) Aug 2, 2024
BlazingWizard
An issue was discovered in litestream v0.3.13. The usage of the ssh.InsecureIgnoreHostKey()... Moderate Unreviewed
CVE-2024-41254 was published Jul 31, 2024
An issue was discovered in filestash v0.4. The usage of the ssh.InsecureIgnoreHostKey() disables... Moderate Unreviewed
CVE-2024-41258 was published Jul 31, 2024
ProTip! Advisories are also available from the GraphQL API