GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,077
Erlang: 29
GitHub Actions: 19
Go: 1,903
Maven: 5,000+
npm: 3,632
NuGet: 638
pip: 3,249
Pub: 10
RubyGems: 864
Rust: 818
Swift: 35

Unreviewed advisories
All unreviewed: 5,000+
176 advisories
Docker Notary Signature Algorithm Not Matched to Key vulnerability
High: CVE-2015-9258 was published for github.com/docker/notary (Go), May 14, 2022

Samlify vulnerable to Authentication Bypass by allowing tokens to be reused with different usernames
High: CVE-2017-1000452 was published for samlify (npm), Jan 4, 2018

Improper Verification of Cryptographic Signature in PySAML2
High: CVE-2020-5390 was published for pysaml2 (pip), May 6, 2020

Improper Verification of Cryptographic Signature in matrix-synapse
High: CVE-2019-18835 was published for matrix-synapse (pip), May 24, 2022

Pac4j token validation bypass if OpenID Connect provider supports none algorithm
High: CVE-2021-44878 was published for org.pac4j:pac4j-oidc (Maven), Jan 8, 2022

Wizkunde SAMLBase SAML Bypass
High: CVE-2018-5387 was published for gogentooss/samlbase (Composer), May 13, 2022

Matrix Synapse Improper Signature Validation
High: CVE-2018-16515 was published for matrix-synapse (pip), May 13, 2022

Cisco node-jose improper validation of JWT signature
High: CVE-2018-0114 was published for node-jose (npm), May 13, 2022

Local privilege escalation due to unrestricted loading of unsigned libraries. The following...
High, Unreviewed: CVE-2023-41744 was published Aug 31, 2023

notation-go's verification bypass can cause users to verify the wrong artifact
High: CVE-2023-33959 was published for github.com/notaryproject/notation-go (Go), Jun 6, 2023

Local privilege escalation due to unrestricted loading of unsigned libraries. The following...
High, Unreviewed: CVE-2022-4418 was published May 18, 2023

VMware Tools contains a SAML token signature bypass vulnerability. A malicious actor that has...
High, Unreviewed: CVE-2023-34058 was published Oct 27, 2023

Bashis, a Security Researcher at IPVM has found a flaw that allows for a remote code execution...
High, Unreviewed: CVE-2023-5747 was published Nov 13, 2023

A DLL sideloading vulnerability in McAfee Agent for Windows prior to 5.7.4 could allow a local...
High, Unreviewed: CVE-2021-31841 was published May 24, 2022

Improper access control vulnerability in the repair process for McAfee Agent for Windows prior to...
High, Unreviewed: CVE-2021-31847 was published May 24, 2022

Improper Verification of Cryptographic Signature in node-forge
High: CVE-2022-24772 was published for node-forge (npm), Mar 18, 2022

Improper Verification of Cryptographic Signature in node-forge
High: CVE-2022-24771 was published for node-forge (npm), Mar 18, 2022

Some Honor products are affected by signature management vulnerability, successful exploitation...
High, Unreviewed: CVE-2023-23432 was published Dec 29, 2023

Some Honor products are affected by signature management vulnerability, successful exploitation...
High, Unreviewed: CVE-2023-23436 was published Dec 29, 2023

Some Honor products are affected by signature management vulnerability, successful exploitation...
High, Unreviewed: CVE-2023-23431 was published Dec 29, 2023

free5GC udm vulnerable to Invalid Curve Attack
High: CVE-2023-46324 was published for github.com/free5gc/udm (Go), Oct 23, 2023

go-resolver's DNSSEC validation not performed correctly
High: CVE-2022-3347 was published for github.com/peterzen/goresolver (Go), Dec 28, 2022

A vulnerability in Cisco Emergency Responder, Cisco Unified Communications Manager (Unified CM),...
High, Unreviewed: CVE-2023-20266 was published Aug 30, 2023

A vulnerability in Cisco IOS XR Software image verification checks could allow an authenticated,...
High, Unreviewed: CVE-2023-20135 was published Sep 13, 2023

A vulnerability in the iPXE boot function of Cisco IOS XR software could allow an authenticated,...
High, Unreviewed: CVE-2023-20236 was published Sep 13, 2023

ProTip! Advisories are also available from the GraphQL API.