GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
161 advisories
GNOME Evolution through 3.28.2 is prone to OpenPGP signatures being spoofed for arbitrary...
Moderate | Unreviewed | CVE-2018-15587 was published May 14, 2022

A vulnerability in the update mechanism of Subaru StarLink Harman head units 2017, 2018, and 2019...
Moderate | Unreviewed | CVE-2018-18203 was published May 14, 2022

In sig_verify() in x509.c in axTLS version 2.1.3 and before, the PKCS#1 v1.5 signature...
Moderate | Unreviewed | CVE-2018-16149 was published May 14, 2022

The mirror:// method implementation in Advanced Package Tool (APT) 1.6.x before 1.6.4 and 1.7.x...
Moderate | Unreviewed | CVE-2018-0501 was published May 14, 2022

In sig_verify() in x509.c in axTLS version 2.1.3 and before, the PKCS#1 v1.5 signature...
Moderate | Unreviewed | CVE-2018-16253 was published May 14, 2022

In sig_verify() in x509.c in axTLS version 2.1.3 and before, the PKCS#1 v1.5 signature...
Moderate | Unreviewed | CVE-2018-16150 was published May 14, 2022

An issue was discovered in Carbon Black Cb Response. A maliciously crafted Universal/fat binary...
Moderate | Unreviewed | CVE-2018-10407 was published May 14, 2022

Shibboleth XMLTooling-C before 1.6.4, as used in Shibboleth Service Provider before 2.6.1.4 on...
Moderate | Unreviewed | CVE-2018-0489 was published May 14, 2022

Shibboleth XMLTooling-C before 1.6.3, as used in Shibboleth Service Provider before 2.6.0 on...
Moderate | Unreviewed | CVE-2018-0486 was published May 14, 2022

Huawei APP HiWallet earlier than 5.0.3.100 versions do not support signature verification for APK...
Moderate | Unreviewed | CVE-2017-8177 was published May 17, 2022

A vulnerability in Cisco NX-OS System Software could allow an authenticated, local attacker to...
Moderate | Unreviewed | CVE-2017-12333 was published May 17, 2022

FusionSphere OpenStack V100R006C00SPC102(NFV) has an improper verification of cryptographic...
Moderate | Unreviewed | CVE-2017-8190 was published May 17, 2022

Trendnet AC2600 TEW-827DRU version 2.08B01 contains an improper access control configuration that...
Moderate | Unreviewed | CVE-2021-20156 was published Dec 31, 2021

Improper verification of cryptographic signature vulnerability in Intel Security VirusScan...
Moderate | Unreviewed | CVE-2016-8021 was published May 17, 2022

There is a vulnerability of signature verification mechanism failure in system upgrade through...
Moderate | Unreviewed | CVE-2021-40045 was published Feb 11, 2022

STMicroelectronics STSAFE-J 1.1.4, J-SAFE3 1.2.5, and J-SIGN sometimes allow attackers to abuse...
Moderate | Unreviewed | CVE-2021-43393 was published Mar 5, 2022

Missing server signature validation in OctoberCMS
Moderate | CVE-2022-23655 was published for october/system (Composer) | Feb 24, 2022

STMicroelectronics STSAFE-J 1.1.4, J-SAFE3 1.2.5, and J-SIGN sometimes allow attackers to obtain...
Moderate | Unreviewed | CVE-2021-43392 was published Mar 5, 2022

It was found that Spacewalk, all versions through 2.8, did not safely compute client token...
Moderate | Unreviewed | CVE-2019-10136 was published May 24, 2022

A PGP signature bypass flaw was found in fwupd (all versions), which could lead to the...
Moderate | Unreviewed | CVE-2020-10759 was published May 24, 2022

There is a flaw in RPM's signature functionality. OpenPGP subkeys are associated with a primary...
Moderate | Unreviewed | CVE-2021-3521 was published Aug 23, 2022

SIF's Digital Signature Hash Algorithms Not Validated
Moderate | CVE-2022-39237 was published for github.com/sylabs/sif/v2 (Go) | Oct 6, 2022

An improper verification of cryptographic signature vulnerability [CWE-347] in FortiWeb 6.4 all...
Moderate | Unreviewed | CVE-2021-43074 was published Feb 16, 2023

russh may use insecure Diffie-Hellman keys
Moderate | CVE-2023-28113 was published for russh (Rust) | Mar 17, 2023

A vulnerability in the Image Signature Verification feature of Cisco NX-OS Software could allow...
Moderate | Unreviewed | CVE-2019-1809 was published May 24, 2022