Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,356
Erlang
33
GitHub Actions
22
Go
2,121
Maven
5,000+
npm
3,783
NuGet
683
pip
3,465
Pub
12
RubyGems
893
Rust
892
Swift
38
Unreviewed advisories
All unreviewed
5,000+

204 advisories

Loading
secp256k1-js implements ECDSA without required r and s validation, leading to signature forgery High
CVE-2022-41340 was published for @lionello/secp256k1-js (npm) Sep 25, 2022
By spoofing the target resolver with responses that have a malformed ECDSA signature, an attacker... High Unreviewed
CVE-2022-38177 was published Sep 22, 2022
By spoofing the target resolver with responses that have a malformed EdDSA signature, an attacker... High Unreviewed
CVE-2022-38178 was published Sep 22, 2022
Dendrite signature checks not applied to some retrieved missing events High
CVE-2022-39200 was published for github.com/matrix-org/dendrite (Go) Sep 15, 2022
The Zoom Client for Meetings for MacOS (Standard and for IT Admin) before version 5.11.3 contains... High Unreviewed
CVE-2022-28751 was published Aug 18, 2022
cosign's `cosign verify-attestaton --type` can report a false positive if any attestation exists High
CVE-2022-35929 was published for github.com/sigstore/cosign (Go) Aug 10, 2022
PolicyController before 0.2.1 may bypass attestation verification High
CVE-2022-35930 was published for github.com/sigstore/policy-controller (Go) Aug 10, 2022
mattmoor
OpenZeppelin Contracts's SignatureChecker may revert on invalid EIP-1271 signers High
CVE-2022-31172 was published for @openzeppelin/contracts (npm) Jul 21, 2022
JWS and JWT signature validation vulnerability with special characters High
CVE-2022-25898 was published for jsrsasign (npm) Jun 25, 2022
The tested version of Dominion Voting Systems ImageCast X does not validate application... High Unreviewed
CVE-2022-1739 was published Jun 25, 2022
Improper Verification of Cryptographic Signature in matrix-synapse High
CVE-2019-18835 was published for matrix-synapse (pip) May 24, 2022
westonsteimel
The Zoom Client for Meetings for Windows installer before version 5.5.4 does not properly verify... High Unreviewed
CVE-2021-34420 was published May 24, 2022
There is a signature management vulnerability in some huawei products. An attacker can forge... High Unreviewed
CVE-2021-37127 was published May 24, 2022
It is possible for an attacker to manipulate signed documents and macros to appear to come from a... High Unreviewed
CVE-2021-41830 was published May 24, 2022
It is possible for an attacker to manipulate documents to appear to be signed by a trusted source... High Unreviewed
CVE-2021-41832 was published May 24, 2022
There is an privilege escalation vulnerability in organization-specific logins in Esri Portal for... High Unreviewed
CVE-2021-29108 was published May 24, 2022
Improper access control vulnerability in the repair process for McAfee Agent for Windows prior to... High Unreviewed
CVE-2021-31847 was published May 24, 2022
A DLL sideloading vulnerability in McAfee Agent for Windows prior to 5.7.4 could allow a local... High Unreviewed
CVE-2021-31841 was published May 24, 2022
Multiple vulnerabilities in image verification checks of Cisco Network Convergence System (NCS)... High Unreviewed
CVE-2021-34708 was published May 24, 2022
An issue in code signature validation was addressed with improved checks. This issue is fixed in... High Unreviewed
CVE-2021-1849 was published May 24, 2022
An improper verification of cryptographic signature vulnerability exists in Cortex XSOAR SAML... High Unreviewed
CVE-2021-3051 was published May 24, 2022
In Eclipse Californium version 2.0.0 to 2.6.4 and 3.0.0-M1 to 3.0.0-M3, the certificate based ... High Unreviewed
CVE-2021-34433 was published May 24, 2022
A vulnerability in the image verification function of Cisco Expressway Series and Cisco... High Unreviewed
CVE-2021-34715 was published May 24, 2022
Dell Command Update, Dell Update, and Alienware Update versions prior to 4.3 contains a Improper... High Unreviewed
CVE-2021-36277 was published May 24, 2022
A CWE-347: Improper Verification of Cryptographic Signature vulnerability exists in EVlink City ... High Unreviewed
CVE-2021-22708 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database