Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,134
Erlang
29
GitHub Actions
19
Go
1,941
Maven
5,000+
npm
3,681
NuGet
650
pip
3,298
Pub
11
RubyGems
877
Rust
830
Swift
35
Unreviewed advisories
All unreviewed
5,000+

403 advisories

Loading
In OASIS Digital Signature Services (DSS) 1.0, an attacker can control the validation outcome (i... Moderate Unreviewed
CVE-2020-13101 was published May 24, 2022
Foxit PDF Reader before 11.1 and PDF Editor before 11.1, and PhantomPDF before 10.1.6, mishandle... Moderate Unreviewed
CVE-2021-40326 was published Aug 29, 2022
Dell Command Update, Dell Update, and Alienware Update versions prior to 4.3 contains a Improper... High Unreviewed
CVE-2021-36277 was published May 24, 2022
ECDSA signature validation vulnerability by accepting wrong ASN.1 encoding in jsrsasign High
CVE-2020-14966 was published for jsrsasign (npm) Jun 26, 2020
This issue was addressed by verifying host keys when connecting to a previously-known SSH server.... Moderate Unreviewed
CVE-2019-8901 was published May 24, 2022
Improper verification of cryptographic signature in the installer for some Intel(R) Wireless... Moderate Unreviewed
CVE-2021-0152 was published May 24, 2022
The Zoom Client for Meetings for Windows installer before version 5.5.4 does not properly verify... High Unreviewed
CVE-2021-34420 was published May 24, 2022
Lack of email address ownership verification in the CODEOWNERS feature in all versions of GitLab... Moderate Unreviewed
CVE-2021-39909 was published May 24, 2022
There is a signature management vulnerability in some huawei products. An attacker can forge... High Unreviewed
CVE-2021-37127 was published May 24, 2022
The tested version of Dominion Voting Systems ImageCast X does not validate application... High Unreviewed
CVE-2022-1739 was published Jun 25, 2022
It is possible for an attacker to manipulate signed documents and macros to appear to come from a... High Unreviewed
CVE-2021-41830 was published May 24, 2022
It is possible for an attacker to manipulate documents to appear to be signed by a trusted source... High Unreviewed
CVE-2021-41832 was published May 24, 2022
It is possible for an attacker to manipulate the timestamp of signed documents. All versions of... Moderate Unreviewed
CVE-2021-41831 was published May 24, 2022
An issue in code signature validation was addressed with improved checks. This issue is fixed in... High Unreviewed
CVE-2021-1849 was published May 24, 2022
Multiple vulnerabilities in image verification checks of Cisco Network Convergence System (NCS)... Moderate Unreviewed
CVE-2021-34709 was published May 24, 2022
Multiple vulnerabilities in image verification checks of Cisco Network Convergence System (NCS)... High Unreviewed
CVE-2021-34708 was published May 24, 2022
An improper verification of cryptographic signature vulnerability exists in Cortex XSOAR SAML... High Unreviewed
CVE-2021-3051 was published May 24, 2022
In Eclipse Californium version 2.0.0 to 2.6.4 and 3.0.0-M1 to 3.0.0-M3, the certificate based ... High Unreviewed
CVE-2021-34433 was published May 24, 2022
A vulnerability in the image verification function of Cisco Expressway Series and Cisco... High Unreviewed
CVE-2021-34715 was published May 24, 2022
cosign's `cosign verify-attestaton --type` can report a false positive if any attestation exists High
CVE-2022-35929 was published for github.com/sigstore/cosign (Go) Aug 10, 2022
PolicyController before 0.2.1 may bypass attestation verification High
CVE-2022-35930 was published for github.com/sigstore/policy-controller (Go) Aug 10, 2022
mattmoor
A CWE-347: Improper Verification of Cryptographic Signature vulnerability exists in EVlink City ... High Unreviewed
CVE-2021-22708 was published May 24, 2022
Thunderbird did not check if the user ID associated with an OpenPGP key has a valid self... Moderate Unreviewed
CVE-2021-23992 was published May 24, 2022
Improper Verification of Cryptographic Signature vulnerability exists inhomeLYnk (Wiser For KNX)... High Unreviewed
CVE-2021-22735 was published May 24, 2022
A flaw was found in the RPM package in the read functionality. This flaw allows an attacker who... Moderate Unreviewed
CVE-2021-3421 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database