Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,134
Erlang
29
GitHub Actions
19
Go
1,941
Maven
5,000+
npm
3,680
NuGet
650
pip
3,298
Pub
11
RubyGems
877
Rust
830
Swift
35
Unreviewed advisories
All unreviewed
5,000+

403 advisories

Loading
VMware Tools contains a SAML token signature bypass vulnerability. A malicious actor that has... High Unreviewed
CVE-2023-34058 was published Oct 27, 2023
browserify-sign upper bound check issue in `dsaVerify` leads to a signature forgery attack High
CVE-2023-46234 was published for browserify-sign (npm) Oct 26, 2023
roadicing ljharb
katzj
light-oauth2 missing public key verification Moderate
CVE-2023-31580 was published for com.networknt:light-oauth2 (Maven) Oct 25, 2023
Improper Verification of Cryptographic Signature vulnerability in Zscaler Client Connector on... High Unreviewed
CVE-2023-28796 was published Oct 23, 2023
An Improper Verification of Cryptographic Signature vulnerability in Zscaler Client Connector on... Moderate Unreviewed
CVE-2023-28804 was published Oct 23, 2023
free5GC udm vulnerable to Invalid Curve Attack High
CVE-2023-46324 was published for github.com/free5gc/udm (Go) Oct 23, 2023
The Texas Instruments OMAP L138 (secure variants) trusted execution environment (TEE) performs an... High Unreviewed
CVE-2022-25333 was published Oct 19, 2023
The BIG-IP Edge Client Installer on macOS does not follow best practices for elevating... High Unreviewed
CVE-2023-43611 was published Oct 10, 2023
AEADs/aes-gcm: Plaintext exposed in decrypt_in_place_detached even on tag verification failure Moderate
CVE-2023-42811 was published for aes-gcm (Rust) Sep 22, 2023
nandita-v
A vulnerability has been identified in QMS Automotive (All versions < V12.39). The QMS.Mobile... High Unreviewed
CVE-2023-40727 was published Sep 14, 2023
A vulnerability in Cisco IOS XR Software image verification checks could allow an authenticated,... High Unreviewed
CVE-2023-20135 was published Sep 13, 2023
A vulnerability in the iPXE boot function of Cisco IOS XR software could allow an authenticated,... High Unreviewed
CVE-2023-20236 was published Sep 13, 2023
Local privilege escalation due to unrestricted loading of unsigned libraries. The following... High Unreviewed
CVE-2023-41744 was published Aug 31, 2023
An Improper Verification of Cryptographic Signature in the SAML authentication of the Zscaler... Critical Unreviewed
CVE-2023-28801 was published Aug 31, 2023
Archive spoofing vulnerability in borgbackup Moderate
CVE-2023-36811 was published for borgbackup (pip) Aug 30, 2023
ThomasWaldmann
A vulnerability in Cisco Emergency Responder, Cisco Unified Communications Manager (Unified CM),... High Unreviewed
CVE-2023-20266 was published Aug 30, 2023
Cleartext Signed Message Signature Spoofing in openpgp Moderate
CVE-2023-41037 was published for openpgp (npm) Aug 29, 2023
Motorola MBTS Site Controller fails to check firmware update authenticity. The Motorola MBTS Site... High Unreviewed
CVE-2023-23772 was published Aug 29, 2023
Motorola EBTS/MBTS Base Radio fails to check firmware authenticity. The Motorola MBTS Base Radio... High Unreviewed
CVE-2023-23773 was published Aug 29, 2023
Improper verification of applications' cryptographic signatures in the /e/OS app store client App... Moderate Unreviewed
CVE-2021-43171 was published Aug 22, 2023
@node-saml/node-saml's validatePostRequestAsync does not include checkTimestampsValidityError Moderate
CVE-2023-40178 was published for @node-saml/node-saml (npm) Aug 21, 2023
jindazhao01
Vulnerability of insecure signatures in the OsuLogin module. Successful exploitation of this... High Unreviewed
CVE-2023-39392 was published Aug 13, 2023
Vulnerability of insecure signatures in the ServiceWifiResources module. Successful exploitation... High Unreviewed
CVE-2023-39393 was published Aug 13, 2023
Improper privilege management in Zoom Desktop Client for Windows and Zoom Rooms for Windows... High Unreviewed
CVE-2023-39211 was published Aug 9, 2023
The BIG-IP Edge Client Installer on macOS does not follow best practices for elevating... High Unreviewed
CVE-2023-38418 was published Aug 2, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database