GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
403 advisories
In OASIS Digital Signature Services (DSS) 1.0, an attacker can control the validation outcome (i...
Moderate
Unreviewed
CVE-2020-13101
was published
May 24, 2022
Foxit PDF Reader before 11.1 and PDF Editor before 11.1, and PhantomPDF before 10.1.6, mishandle...
Moderate
Unreviewed
CVE-2021-40326
was published
Aug 29, 2022
Dell Command Update, Dell Update, and Alienware Update versions prior to 4.3 contain an Improper...
High
Unreviewed
CVE-2021-36277
was published
May 24, 2022
ECDSA signature validation vulnerability by accepting wrong ASN.1 encoding in jsrsasign
High
CVE-2020-14966
was published
for
jsrsasign
(npm)
Jun 26, 2020
This issue was addressed by verifying host keys when connecting to a previously-known SSH server....
Moderate
Unreviewed
CVE-2019-8901
was published
May 24, 2022
Improper verification of cryptographic signature in the installer for some Intel(R) Wireless...
Moderate
Unreviewed
CVE-2021-0152
was published
May 24, 2022
The Zoom Client for Meetings for Windows installer before version 5.5.4 does not properly verify...
High
Unreviewed
CVE-2021-34420
was published
May 24, 2022
Lack of email address ownership verification in the CODEOWNERS feature in all versions of GitLab...
Moderate
Unreviewed
CVE-2021-39909
was published
May 24, 2022
There is a signature management vulnerability in some Huawei products. An attacker can forge...
High
Unreviewed
CVE-2021-37127
was published
May 24, 2022
The tested version of Dominion Voting Systems ImageCast X does not validate application...
High
Unreviewed
CVE-2022-1739
was published
Jun 25, 2022
It is possible for an attacker to manipulate signed documents and macros to appear to come from a...
High
Unreviewed
CVE-2021-41830
was published
May 24, 2022
It is possible for an attacker to manipulate documents to appear to be signed by a trusted source...
High
Unreviewed
CVE-2021-41832
was published
May 24, 2022
It is possible for an attacker to manipulate the timestamp of signed documents. All versions of...
Moderate
Unreviewed
CVE-2021-41831
was published
May 24, 2022
An issue in code signature validation was addressed with improved checks. This issue is fixed in...
High
Unreviewed
CVE-2021-1849
was published
May 24, 2022
Multiple vulnerabilities in image verification checks of Cisco Network Convergence System (NCS)...
Moderate
Unreviewed
CVE-2021-34709
was published
May 24, 2022
Multiple vulnerabilities in image verification checks of Cisco Network Convergence System (NCS)...
High
Unreviewed
CVE-2021-34708
was published
May 24, 2022
An improper verification of cryptographic signature vulnerability exists in Cortex XSOAR SAML...
High
Unreviewed
CVE-2021-3051
was published
May 24, 2022
In Eclipse Californium version 2.0.0 to 2.6.4 and 3.0.0-M1 to 3.0.0-M3, the certificate based ...
High
Unreviewed
CVE-2021-34433
was published
May 24, 2022
A vulnerability in the image verification function of Cisco Expressway Series and Cisco...
High
Unreviewed
CVE-2021-34715
was published
May 24, 2022
cosign's `cosign verify-attestation --type` can report a false positive if any attestation exists
High
CVE-2022-35929
was published
for
github.com/sigstore/cosign
(Go)
Aug 10, 2022
PolicyController before 0.2.1 may bypass attestation verification
High
CVE-2022-35930
was published
for
github.com/sigstore/policy-controller
(Go)
Aug 10, 2022
A CWE-347: Improper Verification of Cryptographic Signature vulnerability exists in EVlink City ...
High
Unreviewed
CVE-2021-22708
was published
May 24, 2022
Thunderbird did not check if the user ID associated with an OpenPGP key has a valid self...
Moderate
Unreviewed
CVE-2021-23992
was published
May 24, 2022
Improper Verification of Cryptographic Signature vulnerability exists in homeLYnk (Wiser For KNX)...
High
Unreviewed
CVE-2021-22735
was published
May 24, 2022
A flaw was found in the RPM package in the read functionality. This flaw allows an attacker who...
Moderate
Unreviewed
CVE-2021-3421
was published
May 24, 2022