Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
21
Go
2,003
Maven
5,000+
npm
3,716
NuGet
661
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+

189 advisories

Loading
A PKCS#1 v1.5 signature verification routine in all Android releases from CAF using the Linux... High Unreviewed
CVE-2014-9934 was published May 17, 2022
A vulnerability in Cisco NX-OS System Software could allow an authenticated, local attacker to... High Unreviewed
CVE-2017-12331 was published May 17, 2022
The DynamicMetadataProvider class in saml/saml2/metadata/impl/DynamicMetadataProvider.cpp in... High Unreviewed
CVE-2017-16853 was published May 14, 2022
shibsp/metadata/DynamicMetadataProvider.cpp in the Dynamic MetadataProvider plugin in Shibboleth... High Unreviewed
CVE-2017-16852 was published May 14, 2022
An issue was discovered in Enigmail before 1.9.9. Signature spoofing is possible because the UI... High Unreviewed
CVE-2017-17847 was published May 14, 2022
SimpleSAMLphp saml2 incorrect signature validation High
CVE-2018-7711 was published for simplesamlphp/saml2 (Composer) May 14, 2022
Docker Notary Signature Algorithm Not Matched to Key vulnerability High
CVE-2015-9258 was published for github.com/docker/notary (Go) May 14, 2022
Hyperledger Iroha versions v1.0_beta and v1.0.0_beta-1 are vulnerable to transaction and block... High Unreviewed
CVE-2018-3756 was published May 14, 2022
In verify_signed_hash() in lib/liboswkeys/signatures.c in Openswan before 2.6.50.1, the RSA... High Unreviewed
CVE-2018-15836 was published May 14, 2022
SimpleSAMLphp Signature validation bypass High
CVE-2017-18122 was published for simplesamlphp/simplesamlphp (Composer) May 14, 2022
An issue was discovered in Enigmail before 1.9.9. In a variant of CVE-2017-17847, signature... High Unreviewed
CVE-2017-17848 was published May 14, 2022
The signature verification routine in Enigmail before 2.0.7 interprets user ids as status/control... High Unreviewed
CVE-2018-12019 was published May 14, 2022
SimpleSAMLphp Improper Verification of Cryptographic Signature High
CVE-2018-7644 was published for simplesamlphp/saml2 (Composer) May 13, 2022
The Linux kernel, as used in Ubuntu 18.10 and when booted with UEFI Secure Boot enabled, allows... High Unreviewed
CVE-2018-18653 was published May 13, 2022
Matrix Synapse Improper Signature Validation High
CVE-2018-16515 was published for matrix-synapse (pip) May 13, 2022
An issue was discovered on Diqee Diqee360 devices. A firmware update process, integrated into the... High Unreviewed
CVE-2018-10988 was published May 13, 2022
The auto-update feature of Open Embedded Linux Entertainment Center (OpenELEC) 6.0.3, 7.0.1, and... High Unreviewed
CVE-2017-6445 was published May 13, 2022
An issue has been discovered on the Belden Hirschmann Tofino Xenon Security Appliance before 03.2... High Unreviewed
CVE-2017-11400 was published May 13, 2022
A vulnerability in the Image Verification feature of Cisco IOS XE Software could allow an... High Unreviewed
CVE-2018-15374 was published May 13, 2022
Application Protections Bypass vulnerability in Microsoft Windows in McAfee Data Loss Prevention ... High Unreviewed
CVE-2018-6664 was published May 13, 2022
The decoupled download and installation steps in libzypp before 17.5.0 could lead to a corrupted... High Unreviewed
CVE-2018-7685 was published May 13, 2022
Improper Verification of Cryptographic Signature in Nimbus JOSE+JWT High
CVE-2017-12974 was published for com.nimbusds:nimbus-jose-jwt (Maven) May 13, 2022
In verify_emsa_pkcs1_signature() in gmp_rsa_public_key.c in the gmp plugin in strongSwan 4.x and... High Unreviewed
CVE-2018-16152 was published May 13, 2022
In verify_emsa_pkcs1_signature() in gmp_rsa_public_key.c in the gmp plugin in strongSwan 4.x and... High Unreviewed
CVE-2018-16151 was published May 13, 2022
Cisco node-jose improper validation of JWT signature High
CVE-2018-0114 was published for node-jose (npm) May 13, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database