GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,189
Erlang
31
GitHub Actions
19
Go
1,985
Maven
5,000+
npm
3,701
NuGet
657
pip
3,326
Pub
11
RubyGems
882
Rust
836
Swift
35
Unreviewed advisories
All unreviewed
5,000+
49 advisories
Filter by severity
Signatures are mistakenly recognized to be valid in jsrsasign
Moderate
GHSA-h87q-g2wp-47pj
was published
for
jsrsasign
(npm)
Feb 9, 2022
Improper Verification of Cryptographic Signature in aws-encryption-sdk-java
Moderate
GHSA-55xh-53m6-936r
was published
for
com.amazonaws:aws-encryption-sdk-java
(Maven)
Jun 1, 2021
Improper Verification of Cryptographic Signature in aws-encryption-sdk
Moderate
GHSA-x5h4-9gqw-942j
was published
for
aws-encryption-sdk
(pip)
Jun 1, 2021
Improper Verification of Cryptographic Signature in aws-encryption-sdk-cli
Moderate
GHSA-89v2-g37m-g3ff
was published
for
aws-encryption-sdk-cli
(pip)
Jun 1, 2021
Improper Verification of Cryptographic Signature in aws-encryption-sdk-javascript
Moderate
GHSA-h45p-w933-jxh3
was published
for
@aws-crypto/client-browser
(npm)
Jun 1, 2021
Utils.readChallengeTx does not verify the server account signature
Moderate
CVE-2021-32738
was published
for
stellar-sdk
(npm)
Jul 2, 2021
Improper Verification of Cryptographic Signature in `node-forge`
Moderate
CVE-2022-24773
was published
for
node-forge
(npm)
Mar 18, 2022
Inadequate Encryption Strength in showdoc
Moderate
CVE-2021-3680
was published
for
showdoc/showdoc
(Composer)
Sep 1, 2021
Tendermint light client verification not taking into account chain ID
Moderate
CVE-2022-23507
was published
for
tendermint-light-client
(Rust)
Dec 14, 2022
Improper Verification of Cryptographic Signature in keycloak
Moderate
CVE-2019-10201
was published
for
org.keycloak:keycloak-core
(Maven)
Sep 23, 2019
Signature validation bypass in ServiceStack
Moderate
CVE-2020-28042
was published
for
ServiceStack
(NuGet)
Jan 13, 2021
BLS Signature "Malleability"
Moderate
CVE-2021-21405
was published
for
github.com/filecoin-project/lotus
(Go)
May 21, 2021
Missing server signature validation in OctoberCMS
Moderate
CVE-2022-23655
was published
for
october/system
(Composer)
Feb 24, 2022
SIF's Digital Signature Hash Algorithms Not Validated
Moderate
CVE-2022-39237
was published
for
github.com/sylabs/sif/v2
(Go)
Oct 6, 2022
russh may use insecure Diffie-Hellman keys
Moderate
CVE-2023-28113
was published
for
russh
(Rust)
Mar 17, 2023
HTTPS MitM vulnerability due to lack of hostname verification
Moderate
CVE-2016-10932
was published
for
hyper
(Rust)
Aug 25, 2021
Signature verification failure in Tendermint
Moderate
GHSA-f3w5-v9xx-rp8p
was published
for
github.com/tendermint/tendermint
(Go)
Dec 20, 2021
Json-jwt did not verify the cryptographic signature for data
Moderate
CVE-2018-1000539
was published
for
json-jwt
(RubyGems)
Jul 31, 2018
github.com/russellhaering/goxmldsig vulnerable to Signature Validation Bypass
Moderate
CVE-2020-15216
was published
for
github.com/russellhaering/goxmldsig
(Go)
May 24, 2021
python-apt Does Not Check Hash Signature
Moderate
CVE-2019-15796
was published
for
python-apt
(pip)
May 24, 2022
Golang/x/crypto message forgery vulnerability
Moderate
CVE-2019-11841
was published
for
golang.org/x/crypto
(Go)
May 24, 2022
@node-saml/node-saml's validatePostRequestAsync does not include checkTimestampsValidityError
Moderate
CVE-2023-40178
was published
for
@node-saml/node-saml
(npm)
Aug 21, 2023
Cleartext Signed Message Signature Spoofing in openpgp
Moderate
CVE-2023-41037
was published
for
openpgp
(npm)
Aug 29, 2023
Cargo did not verify SSH host keys
Moderate
CVE-2022-46176
was published
for
cargo
(Rust)
Jan 10, 2023
NATS TLS certificate common name validation bypass
Moderate
GHSA-wvc4-j7g5-4f79
was published
for
nats
(Rust)
Mar 27, 2023
ProTip!
Advisories are also available from the
GraphQL API