GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,273
Erlang
31
GitHub Actions
21
Go
2,055
Maven
5,000+
npm
3,739
NuGet
668
pip
3,417
Pub
12
RubyGems
891
Rust
872
Swift
36
Unreviewed advisories
All unreviewed
5,000+
429 advisories
Filter by severity
Improper Verification of SAML Responses Leading to Privilege Escalation in Keycloak
High
CVE-2024-8698
was published
for
org.keycloak:keycloak-saml-core
(Maven)
Oct 14, 2024
SSOReady has an XML Signature Bypass via differential XML parsing
Critical
CVE-2024-47832
was published
for
github.com/ssoready/ssoready
(Go)
Oct 11, 2024
CWE-347: Improper Verification of Cryptographic Signature vulnerability exists that could...
High
Unreviewed
CVE-2024-8531
was published
Oct 11, 2024
An improper verification of cryptographic signature vulnerability was identified in GitHub...
Critical
Unreviewed
CVE-2024-9487
was published
Oct 11, 2024
Elliptic's verify function omits uniqueness validation
Low
CVE-2024-48949
was published
for
elliptic
(npm)
Oct 10, 2024
Alpine Halo9 Improper Verification of Cryptographic Signature Vulnerability. This vulnerability...
Moderate
Unreviewed
CVE-2024-23960
was published
Sep 28, 2024
Improper verification of cryptographic signature during installation of a VPN driver via the...
High
Unreviewed
CVE-2024-7479
was published
Sep 25, 2024
Improper verification of cryptographic signature during installation of a Printer driver via the...
High
Unreviewed
CVE-2024-7481
was published
Sep 25, 2024
Duplicate Advisory: Keycloak SAML signature validation flaw
Moderate
GHSA-4xx7-2cx3-x473
was published
for
org.keycloak:keycloak-saml-core
(Maven)
Sep 19, 2024
•
withdrawn
druid-pac4j, Apache Druid extension, has Padding Oracle vulnerability
Low
CVE-2024-45384
was published
for
org.apache.druid.extensions:druid-pac4j
(Maven)
Sep 17, 2024
Improper Digital Signature Invalidation vulnerability in Zip Repair Mode of The Document...
High
Unreviewed
CVE-2024-7788
was published
Sep 17, 2024
whatsapp-api-js fails to validate message's signature
Moderate
CVE-2024-45607
was published
for
whatsapp-api-js
(npm)
Sep 12, 2024
omniauth-saml vulnerable to Improper Verification of Cryptographic Signature
Critical
GHSA-cvp8-5r8g-fhvq
was published
for
omniauth-saml
(RubyGems)
Sep 11, 2024
SAML authentication bypass via Incorrect XPath selector
Critical
CVE-2024-45409
was published
for
ruby-saml
(RubyGems)
Sep 10, 2024
Adyen APIs Library for Python timing attack vulnerability
Moderate
GHSA-f3q4-ggfp-jv34
was published
for
Adyen
(pip)
Aug 30, 2024
Hyperledger Indy's update process of a DID does not check who signs the request
High
CVE-2020-11093
was published
for
indy-node
(pip)
Aug 30, 2024
Signature forgery in Spring Boot's Loader
High
CVE-2024-38807
was published
for
org.springframework.boot:spring-boot-loader
(Maven)
Aug 23, 2024
An XML signature wrapping vulnerability was present in GitHub Enterprise Server (GHES) when...
Critical
Unreviewed
CVE-2024-6800
was published
Aug 20, 2024
The Zscaler Updater process does not validate the digital signature of the installer before...
Moderate
Unreviewed
CVE-2024-23460
was published
Aug 6, 2024
An Improper Validation of signature in Zscaler Client Connector on Windows allows an...
Moderate
Unreviewed
CVE-2023-28806
was published
Aug 6, 2024
Anti-tampering can be disabled under certain conditions without signature validation. This...
High
Unreviewed
CVE-2024-23456
was published
Aug 6, 2024
Elliptic's EDDSA missing signature length check
Low
CVE-2024-42459
was published
for
elliptic
(npm)
Aug 2, 2024
Elliptic allows BER-encoded signatures
Low
CVE-2024-42461
was published
for
elliptic
(npm)
Aug 2, 2024
An issue was discovered in filestash v0.4. The usage of the ssh.InsecureIgnoreHostKey() disables...
Moderate
Unreviewed
CVE-2024-41258
was published
Jul 31, 2024
An issue was discovered in litestream v0.3.13. The usage of the ssh.InsecureIgnoreHostKey()...
Moderate
Unreviewed
CVE-2024-41254
was published
Jul 31, 2024
ProTip!
Advisories are also available from the
GraphQL API