Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

176 advisories

Loading
Docker Notary Signature Algorithm Not Matched to Key vulnerability High
CVE-2015-9258 was published for github.com/docker/notary (Go) May 14, 2022
Samlify vulnerable to Authentication Bypass by allowing tokens to be reused with different usernames High
CVE-2017-1000452 was published for samlify (npm) Jan 4, 2018
eoftedal
Improper Verification of Cryptographic Signature in PySAML2 High
CVE-2020-5390 was published for pysaml2 (pip) May 6, 2020
Improper Verification of Cryptographic Signature in matrix-synapse High
CVE-2019-18835 was published for matrix-synapse (pip) May 24, 2022
westonsteimel
Pac4j token validation bypass if OpenID Connect provider supports none algorithm High
CVE-2021-44878 was published for org.pac4j:pac4j-oidc (Maven) Jan 8, 2022
sharonbz
Wizkunde SAMLBase SAML Bypass High
CVE-2018-5387 was published for gogentooss/samlbase (Composer) May 13, 2022
Matrix Synapse Improper Signature Validation High
CVE-2018-16515 was published for matrix-synapse (pip) May 13, 2022
Cisco node-jose improper validation of JWT signature High
CVE-2018-0114 was published for node-jose (npm) May 13, 2022
Local privilege escalation due to unrestricted loading of unsigned libraries. The following... High Unreviewed
CVE-2023-41744 was published Aug 31, 2023
notation-go's verification bypass can cause users to verify the wrong artifact High
CVE-2023-33959 was published for github.com/notaryproject/notation-go (Go) Jun 6, 2023
AdamKorcz shizhMSFT
priteshbandi
Local privilege escalation due to unrestricted loading of unsigned libraries. The following... High Unreviewed
CVE-2022-4418 was published May 18, 2023
VMware Tools contains a SAML token signature bypass vulnerability. A malicious actor that has... High Unreviewed
CVE-2023-34058 was published Oct 27, 2023
Bashis, a Security Researcher at IPVM has found a flaw that allows for a remote code execution... High Unreviewed
CVE-2023-5747 was published Nov 13, 2023
A DLL sideloading vulnerability in McAfee Agent for Windows prior to 5.7.4 could allow a local... High Unreviewed
CVE-2021-31841 was published May 24, 2022
Improper access control vulnerability in the repair process for McAfee Agent for Windows prior to... High Unreviewed
CVE-2021-31847 was published May 24, 2022
Improper Verification of Cryptographic Signature in node-forge High
CVE-2022-24772 was published for node-forge (npm) Mar 18, 2022
Improper Verification of Cryptographic Signature in node-forge High
CVE-2022-24771 was published for node-forge (npm) Mar 18, 2022
Some Honor products are affected by signature management vulnerability, successful exploitation... High Unreviewed
CVE-2023-23432 was published Dec 29, 2023
Some Honor products are affected by signature management vulnerability, successful exploitation... High Unreviewed
CVE-2023-23436 was published Dec 29, 2023
Some Honor products are affected by signature management vulnerability, successful exploitation... High Unreviewed
CVE-2023-23431 was published Dec 29, 2023
free5GC udm vulnerable to Invalid Curve Attack High
CVE-2023-46324 was published for github.com/free5gc/udm (Go) Oct 23, 2023
go-resolver's DNSSEC validation not performed correctly High
CVE-2022-3347 was published for github.com/peterzen/goresolver (Go) Dec 28, 2022
A vulnerability in Cisco Emergency Responder, Cisco Unified Communications Manager (Unified CM),... High Unreviewed
CVE-2023-20266 was published Aug 30, 2023
A vulnerability in Cisco IOS XR Software image verification checks could allow an authenticated,... High Unreviewed
CVE-2023-20135 was published Sep 13, 2023
A vulnerability in the iPXE boot function of Cisco IOS XR software could allow an authenticated,... High Unreviewed
CVE-2023-20236 was published Sep 13, 2023
ProTip! Advisories are also available from the GraphQL API