GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
33 advisories
Elliptic's verify function omits uniqueness validation
Low
CVE-2024-48949
was published
for
elliptic
(npm)
Oct 10, 2024
Valid ECDSA signatures erroneously rejected in Elliptic
Low
CVE-2024-48948
was published
for
elliptic
(npm)
Oct 15, 2024
Elliptic's EDDSA missing signature length check
Low
CVE-2024-42459
was published
for
elliptic
(npm)
Aug 2, 2024
Elliptic allows BER-encoded signatures
Low
CVE-2024-42461
was published
for
elliptic
(npm)
Aug 2, 2024
browserify-sign upper bound check issue in `dsaVerify` leads to a signature forgery attack
High
CVE-2023-46234
was published
for
browserify-sign
(npm)
Oct 26, 2023
@node-saml/node-saml's validatePostRequestAsync does not include checkTimestampsValidityError
Moderate
CVE-2023-40178
was published
for
@node-saml/node-saml
(npm)
Aug 21, 2023
Samlify vulnerable to Authentication Bypass by allowing tokens to be reused with different usernames
High
CVE-2017-1000452
was published
for
samlify
(npm)
Jan 4, 2018
Signature verification vulnerability in Stark Bank ecdsa libraries
High
GHSA-9wx7-jrvc-28mm
was published
for
com.starkbank:ecdsa-java
(Maven)
Nov 8, 2021
Signature bypass via multiple root elements
High
CVE-2022-39300
was published
for
node-saml
(npm)
Oct 12, 2022
Signature bypass via multiple root elements
High
CVE-2022-39299
was published
for
@node-saml/node-saml
(npm)
Oct 12, 2022
ProTip!
Advisories are also available from the
GraphQL API