Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,356
Erlang
33
GitHub Actions
22
Go
2,121
Maven
5,000+
npm
3,783
NuGet
683
pip
3,465
Pub
12
RubyGems
893
Rust
892
Swift
38
Unreviewed advisories
All unreviewed
5,000+

161 advisories

Loading
Thunderbird did not check if the user ID associated with an OpenPGP key has a valid self... Moderate Unreviewed
CVE-2021-23992 was published May 24, 2022
Multiple vulnerabilities in image verification checks of Cisco Network Convergence System (NCS)... Moderate Unreviewed
CVE-2021-34709 was published May 24, 2022
It is possible for an attacker to manipulate the timestamp of signed documents. All versions of... Moderate Unreviewed
CVE-2021-41831 was published May 24, 2022
Lack of email address ownership verification in the CODEOWNERS feature in all versions of GitLab... Moderate Unreviewed
CVE-2021-39909 was published May 24, 2022
Improper verification of cryptographic signature in the installer for some Intel(R) Wireless... Moderate Unreviewed
CVE-2021-0152 was published May 24, 2022
This issue was addressed by verifying host keys when connecting to a previously-known SSH server.... Moderate Unreviewed
CVE-2019-8901 was published May 24, 2022
Foxit PDF Reader before 11.1 and PDF Editor before 11.1, and PhantomPDF before 10.1.6, mishandle... Moderate Unreviewed
CVE-2021-40326 was published Aug 29, 2022
In OASIS Digital Signature Services (DSS) 1.0, an attacker can control the validation outcome (i... Moderate Unreviewed
CVE-2020-13101 was published May 24, 2022
Tendermint light client verification not taking into account chain ID Moderate
CVE-2022-23507 was published for tendermint-light-client (Rust) Dec 14, 2022
hu55a1n1 mzabaluev
plafer
A firmware update vulnerability exists in the iburn firmware checks functionality of InHand... Moderate Unreviewed
CVE-2022-26510 was published May 13, 2022
Little Snitch versions 4.0 to 4.0.6 use the SecStaticCodeCheckValidityWithErrors() function... Moderate Unreviewed
CVE-2018-10470 was published May 13, 2022
Insufficient consistency checks in signature handling in the networking stack in Google Chrome... Moderate Unreviewed
CVE-2017-5066 was published May 13, 2022
Improper Verification of Cryptographic Signature in keycloak Moderate
CVE-2019-10201 was published for org.keycloak:keycloak-core (Maven) Sep 23, 2019
Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019... Moderate Unreviewed
CVE-2018-16042 was published May 13, 2022
Signature validation bypass in ServiceStack Moderate
CVE-2020-28042 was published for ServiceStack (NuGet) Jan 13, 2021
An issue was discovered in certain Apple products. macOS before 10.13.4 is affected. The issue... Moderate Unreviewed
CVE-2018-4111 was published May 13, 2022
BLS Signature "Malleability" Moderate
CVE-2021-21405 was published for github.com/filecoin-project/lotus (Go) May 21, 2021
The crypto.generateCRMFRequest method in Mozilla Firefox before 28.0 and SeaMonkey before 2.25... Moderate Unreviewed
CVE-2014-1498 was published May 13, 2022
Google Chrome before 17.0.963.46 does not properly check signatures, which allows remote... Moderate Unreviewed
CVE-2011-3965 was published May 13, 2022
The rsa_pss_params_parse function in libstrongswan/credentials/keys/signature_params.c in... Moderate Unreviewed
CVE-2018-6459 was published May 13, 2022
A vulnerability in the Image Signature Verification feature of Cisco NX-OS Software could allow... Moderate Unreviewed
CVE-2019-1615 was published May 13, 2022
An issue has been found in the DNSSEC validation component of PowerDNS Recursor from 4.0.0 and up... Moderate Unreviewed
CVE-2017-15090 was published May 13, 2022
It was discovered in the Linux kernel before 4.11-rc8 that root can gain direct access to an... Moderate Unreviewed
CVE-2016-9604 was published May 13, 2022
Bluetooth firmware or operating system software drivers in macOS versions before 10.13, High... Moderate Unreviewed
CVE-2018-5383 was published May 13, 2022
Enigmail before 2.0.6 is prone to to OpenPGP signatures being spoofed for arbitrary messages... Moderate Unreviewed
CVE-2018-15586 was published May 14, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database