Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,900
Maven
5,000+
npm
3,630
NuGet
638
pip
3,244
Pub
10
RubyGems
863
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

381 advisories

Loading
druid-pac4j, Apache Druid extension, has Padding Oracle vulnerability Low
CVE-2024-45384 was published for org.apache.druid.extensions:druid-pac4j (Maven) Sep 17, 2024
Improper Digital Signature Invalidation  vulnerability in Zip Repair Mode of The Document... High Unreviewed
CVE-2024-7788 was published Sep 17, 2024
whatsapp-api-js fails to validate message's signature Moderate
CVE-2024-45607 was published for whatsapp-api-js (npm) Sep 12, 2024
omniauth-saml vulnerable to Improper Verification of Cryptographic Signature Critical
GHSA-cvp8-5r8g-fhvq was published for omniauth-saml (RubyGems) Sep 11, 2024
ahacker1-securesaml suprnova32
rajiv bufferoverflow
SAML authentication bypass via Incorrect XPath selector Critical
CVE-2024-45409 was published for ruby-saml (RubyGems) Sep 10, 2024
ahacker1-securesaml
Adyen APIs Library for Python timing attack vulnerability Moderate
GHSA-f3q4-ggfp-jv34 was published for Adyen (pip) Aug 30, 2024
Hyperledger Indy's update process of a DID does not check who signs the request High
CVE-2020-11093 was published for indy-node (pip) Aug 30, 2024
alexandredeleze
Signature forgery in Spring Boot's Loader Moderate
CVE-2024-38807 was published for org.springframework.boot:spring-boot-loader (Maven) Aug 23, 2024
An XML signature wrapping vulnerability was present in GitHub Enterprise Server (GHES) when... Critical Unreviewed
CVE-2024-6800 was published Aug 20, 2024
The Zscaler Updater process does not validate the digital signature of the installer before... Moderate Unreviewed
CVE-2024-23460 was published Aug 6, 2024
An Improper Validation of signature in Zscaler Client Connector on Windows allows an... Moderate Unreviewed
CVE-2023-28806 was published Aug 6, 2024
Anti-tampering can be disabled under certain conditions without signature validation. This... High Unreviewed
CVE-2024-23456 was published Aug 6, 2024
Elliptic allows BER-encoded signatures Low
CVE-2024-42461 was published for elliptic (npm) Aug 2, 2024
BlazingWizard
Elliptic's EDDSA missing signature length check Low
CVE-2024-42459 was published for elliptic (npm) Aug 2, 2024
BlazingWizard
An issue was discovered in litestream v0.3.13. The usage of the ssh.InsecureIgnoreHostKey()... Moderate Unreviewed
CVE-2024-41254 was published Jul 31, 2024
An issue was discovered in filestash v0.4. The usage of the ssh.InsecureIgnoreHostKey() disables... Moderate Unreviewed
CVE-2024-41258 was published Jul 31, 2024
An improper file signature check in Palo Alto Networks Cortex XDR agent may allow an attacker to... Moderate Unreviewed
CVE-2024-5912 was published Jul 10, 2024
Windows Enroll Engine Security Feature Bypass Vulnerability High Unreviewed
CVE-2024-38069 was published Jul 9, 2024
A firmware update vulnerability exists in the boa formUpload functionality of Realtek rtl819x... High Unreviewed
CVE-2023-34435 was published Jul 8, 2024
Improper verification of signature in FilterProvider prior to SMR Jul-2024 Release 1 allows local... Moderate Unreviewed
CVE-2024-20892 was published Jul 2, 2024
IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to identity spoofing by an... High Unreviewed
CVE-2024-37532 was published Jun 20, 2024
Improper verification of cryptographic signature issue exists in "FreeFrom - the nostr client"... Critical Unreviewed
CVE-2024-36277 was published Jun 17, 2024
There is a possible escalation of privilege due to improperly used crypto. This could lead to... Critical Unreviewed
CVE-2024-32911 was published Jun 13, 2024
Authlib has algorithm confusion with asymmetric public keys High
CVE-2024-37568 was published for authlib (pip) Jun 9, 2024
titon/framework vulnerable to Remote Code Execution via Chosen-Ciphertext Attack Critical
GHSA-q3jm-v27q-jfww was published for titon/framework (Composer) May 30, 2024
ProTip! Advisories are also available from the GraphQL API