Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

53 advisories

Loading
Signature Verification Bypass in jwt-simple High
GHSA-8v5f-hp78-jgxq was published for jwt-simple (npm) Jun 6, 2019
Message Signature Bypass in openpgp High
CVE-2019-9153 was published for openpgp (npm) Aug 23, 2019
Improper Key Verification in openpgp High
CVE-2019-9154 was published for openpgp (npm) Aug 23, 2019
In Bouncy Castle JCE Provider ECDSA does not fully validate ASN.1 encoding of signature on verification High
CVE-2016-1000342 was published for org.bouncycastle:bcprov-jdk14 (Maven) Oct 17, 2018
Execution Control List (ECL) Is Insecure in Singularity High
CVE-2020-13845 was published for github.com/sylabs/singularity (Go) Dec 20, 2021
tri-adam
Failure to validate signature during handshake High
CVE-2022-24759 was published for @chainsafe/libp2p-noise (npm) Mar 18, 2022
Improper Verification of Cryptographic Signature in Nimbus JOSE+JWT High
CVE-2017-12974 was published for com.nimbusds:nimbus-jose-jwt (Maven) May 13, 2022
Signature bypass via multiple root elements High
CVE-2022-39299 was published for @node-saml/node-saml (npm) Oct 12, 2022
felixwilhelm
JWS and JWT signature validation vulnerability with special characters High
CVE-2022-25898 was published for jsrsasign (npm) Jun 25, 2022
OpenZeppelin Contracts's SignatureChecker may revert on invalid EIP-1271 signers High
CVE-2022-31172 was published for @openzeppelin/contracts (npm) Jul 21, 2022
Signature bypass via multiple root elements High
CVE-2022-39300 was published for node-saml (npm) Oct 12, 2022
felixwilhelm
secp256k1-js implements ECDSA without required r and s validation, leading to signature forgery High
CVE-2022-41340 was published for @lionello/secp256k1-js (npm) Sep 25, 2022
PolicyController before 0.2.1 may bypass attestation verification High
CVE-2022-35930 was published for github.com/sigstore/policy-controller (Go) Aug 10, 2022
mattmoor
cosign's `cosign verify-attestaton --type` can report a false positive if any attestation exists High
CVE-2022-35929 was published for github.com/sigstore/cosign (Go) Aug 10, 2022
ECDSA signature validation vulnerability by accepting wrong ASN.1 encoding in jsrsasign High
CVE-2020-14966 was published for jsrsasign (npm) Jun 26, 2020
Signature wrapping vulnerability in Spring Security High
CVE-2020-5407 was published for org.springframework.security:spring-security-core (Maven) Jun 5, 2020
coreos-installer improperly verifies GPG signature when decompressing gzipped artifact High
CVE-2021-20319 was published for coreos-installer (Rust) Oct 12, 2021
raballew bgilbert
Improper Verification of Cryptographic Signature in Apache Netbeans High
CVE-2019-17561 was published for org.codehaus.mevenide:netbeans (Maven) May 24, 2022
Dendrite signature checks not applied to some retrieved missing events High
CVE-2022-39200 was published for github.com/matrix-org/dendrite (Go) Sep 15, 2022
Improper verification of signature threshold in tough High
CVE-2020-15093 was published for tough (Rust) Aug 25, 2021
Improper Verification of Cryptographic Signature in golang.org/x/crypto High
CVE-2020-9283 was published for golang.org/x/crypto (Go) May 18, 2021
Signature verification vulnerability in Stark Bank ecdsa libraries High
GHSA-9wx7-jrvc-28mm was published for com.starkbank:ecdsa-java (Maven) Nov 8, 2021
tdunlap607
Regression in JWT Signature Validation High
CVE-2020-15240 was published for omniauth-auth0 (RubyGems) Nov 3, 2020
Failure to properly verify ed25519 signatures in libp2p-core High
CVE-2019-15545 was published for libp2p-core (Rust) Aug 25, 2021
Docker Notary Signature Algorithm Not Matched to Key vulnerability High
CVE-2015-9258 was published for github.com/docker/notary (Go) May 14, 2022
ProTip! Advisories are also available from the GraphQL API