Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,356
Erlang
33
GitHub Actions
22
Go
2,121
Maven
5,000+
npm
3,783
NuGet
683
pip
3,465
Pub
12
RubyGems
893
Rust
892
Swift
38
Unreviewed advisories
All unreviewed
5,000+

204 advisories

Loading
wolfSSL before 4.3.0 mishandles calls to wc_SignatureGenerateHash, leading to fault injection in... High Unreviewed
CVE-2019-19962 was published May 24, 2022
Unencrypted HTTP communications for firmware upgrades in Petalk AI and PF-103 allow man-in-the... High Unreviewed
CVE-2019-16732 was published May 24, 2022
The Keybase app 2.13.2 for iOS provides potentially insufficient notice that it is employing a... High Unreviewed
CVE-2019-16992 was published May 24, 2022
A crafted S/MIME message consisting of an inner encryption layer and an outer SignedData layer... High Unreviewed
CVE-2019-11755 was published May 24, 2022
A vulnerability in Cisco NX-OS Software and Cisco IOS XE Software could allow an authenticated,... High Unreviewed
CVE-2019-12662 was published May 24, 2022
A vulnerability in the Image Verification feature of Cisco IOS XE Software could allow an... High Unreviewed
CVE-2019-12649 was published May 24, 2022
Huawei mobile phones Hima-AL00Bhave with Versions earlier than HMA-AL00C00B175 have a signature... High Unreviewed
CVE-2019-5299 was published May 24, 2022
Open Information Security Foundation Suricata prior to version 4.1.3 is affected by: Denial of... High Unreviewed
CVE-2019-1010279 was published May 24, 2022
Enigmail before 2.0.11 allows PGP signature spoofing: for an inline PGP message, an attacker can... High Unreviewed
CVE-2019-12269 was published May 24, 2022
A vulnerability in the Image Signature Verification feature of Cisco NX-OS Software could allow... High Unreviewed
CVE-2019-1813 was published May 24, 2022
A vulnerability in the Image Signature Verification feature of Cisco NX-OS Software could allow... High Unreviewed
CVE-2019-1812 was published May 24, 2022
A vulnerability in the Image Signature Verification feature of Cisco NX-OS Software could allow... High Unreviewed
CVE-2019-1811 was published May 24, 2022
A vulnerability in the Secure Configuration Validation functionality of Cisco FXOS Software and... High Unreviewed
CVE-2019-1728 was published May 24, 2022
redhat-upgrade-tool: Does not check GPG signatures when upgrading versions High Unreviewed
CVE-2014-3585 was published May 17, 2022
SimpleGeo python-oauth2 does not check the nonce allowing replay attacks High
CVE-2013-4346 was published for oauth2 (pip) May 17, 2022
A PKCS#1 v1.5 signature verification routine in all Android releases from CAF using the Linux... High Unreviewed
CVE-2014-9934 was published May 17, 2022
A vulnerability in Cisco NX-OS System Software could allow an authenticated, local attacker to... High Unreviewed
CVE-2017-12331 was published May 17, 2022
The DynamicMetadataProvider class in saml/saml2/metadata/impl/DynamicMetadataProvider.cpp in... High Unreviewed
CVE-2017-16853 was published May 14, 2022
shibsp/metadata/DynamicMetadataProvider.cpp in the Dynamic MetadataProvider plugin in Shibboleth... High Unreviewed
CVE-2017-16852 was published May 14, 2022
An issue was discovered in Enigmail before 1.9.9. Signature spoofing is possible because the UI... High Unreviewed
CVE-2017-17847 was published May 14, 2022
SimpleSAMLphp saml2 incorrect signature validation High
CVE-2018-7711 was published for simplesamlphp/saml2 (Composer) May 14, 2022
Docker Notary Signature Algorithm Not Matched to Key vulnerability High
CVE-2015-9258 was published for github.com/docker/notary (Go) May 14, 2022
Hyperledger Iroha versions v1.0_beta and v1.0.0_beta-1 are vulnerable to transaction and block... High Unreviewed
CVE-2018-3756 was published May 14, 2022
In verify_signed_hash() in lib/liboswkeys/signatures.c in Openswan before 2.6.50.1, the RSA... High Unreviewed
CVE-2018-15836 was published May 14, 2022
SimpleSAMLphp Signature validation bypass High
CVE-2017-18122 was published for simplesamlphp/simplesamlphp (Composer) May 14, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database