Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,279
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,421
Pub
12
RubyGems
891
Rust
873
Swift
36
Unreviewed advisories
All unreviewed
5,000+

144 advisories

Loading
Elliptic's verify function omits uniqueness validation Low
CVE-2024-48949 was published for elliptic (npm) Oct 10, 2024
Markus-MS
Improper Verification of SAML Responses Leading to Privilege Escalation in Keycloak High
CVE-2024-8698 was published for org.keycloak:keycloak-saml-core (Maven) Oct 14, 2024
Chetven
Duplicate Advisory: Keycloak SAML signature validation flaw Moderate
GHSA-4xx7-2cx3-x473 was published for org.keycloak:keycloak-saml-core (Maven) Sep 19, 2024 withdrawn
Valid ECDSA signatures erroneously rejected in Elliptic Low
CVE-2024-48948 was published for elliptic (npm) Oct 15, 2024
martincostello IchordeDionysos
sigstore-java has vulnerability with bundle verification Moderate
CVE-2024-53267 was published for dev.sigstore:sigstore-java (Maven) Nov 26, 2024
loosebazooka
Incorrect threshold signature computation in TUF Critical
CVE-2020-6174 was published for tuf (pip) Aug 21, 2020
Keycloak vulnerable to impersonation via logout token exchange Low
CVE-2023-0657 was published for org.keycloak:keycloak-services (Maven) Apr 17, 2024
Signature forgery in Spring Boot's Loader High
CVE-2024-38807 was published for org.springframework.boot:spring-boot-loader (Maven) Aug 23, 2024
Grafana Plugin signature bypass High
CVE-2022-31123 was published for github.com/grafana/grafana (Go) May 14, 2024
Incorrect signature verification in django-ses Low
CVE-2023-33185 was published for django-ses (pip) May 22, 2023
josephsurin
Improper Verification of Cryptographic Signature in ansible Moderate
CVE-2020-14365 was published for ansible (pip) Apr 20, 2021
Bad documentation of error handling in ParseWithClaims can lead to potentially dangerous situations Low
CVE-2024-51744 was published for github.com/golang-jwt/jwt/v4 (Go) Nov 4, 2024
yuligesec
Laravel Reverb Missing API Signature Verification High
CVE-2024-50347 was published for laravel/reverb (Composer) Oct 31, 2024
RobertBoes
SaltStack Improper Verification of Cryptographic Signature High
CVE-2022-22934 was published for salt (pip) Mar 30, 2022
Improper Verification of Cryptographic Signature in starkbank-ecdsa Critical
CVE-2021-43572 was published for starkbank-ecdsa (pip) Nov 10, 2021
Improper Verification of Cryptographic Signature in PySAML2 High
CVE-2020-5390 was published for pysaml2 (pip) May 6, 2020
Python RSA allows attackers to spoof signatures Moderate
CVE-2016-1494 was published for rsa (pip) May 14, 2022
svix vulnerable to Authentication Bypass Moderate
CVE-2024-21491 was published for svix (Rust) Feb 13, 2024
Agent Dart is missing certificate verification checks High
CVE-2024-48915 was published for agent_dart (Pub) Oct 15, 2024
AlexV525
SAML XML Signature wrapping in PySAML2 Moderate
CVE-2021-21238 was published for pysaml2 (pip) Jan 21, 2021
VictorSG
Improper Verification of Cryptographic Signature in PySAML2 Moderate
CVE-2021-21239 was published for pysaml2 (pip) Jan 21, 2021
bawolff
SSOReady has an XML Signature Bypass via differential XML parsing Critical
CVE-2024-47832 was published for github.com/ssoready/ssoready (Go) Oct 11, 2024
ahacker1-securesaml
OpenZeppelin Contracts contains Improper Verification of Cryptographic Signature Moderate
CVE-2023-23940 was published for openzeppelin-cairo-contracts (pip) Feb 2, 2023
Multiple cryptographic issues in Python oic High
CVE-2020-26244 was published for oic (pip) Dec 4, 2020
F3r0C17Y mladevbb
CheariX
SimpleGeo python-oauth2 does not check the nonce allowing replay attacks High
CVE-2013-4346 was published for oauth2 (pip) May 17, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database