Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

144 advisories

Loading
Improper Verification of SAML Responses Leading to Privilege Escalation in Keycloak High
CVE-2024-8698 was published for org.keycloak:keycloak-saml-core (Maven) Oct 14, 2024
Chetven
Duplicate Advisory: Keycloak SAML signature validation flaw Moderate
GHSA-4xx7-2cx3-x473 was published for org.keycloak:keycloak-saml-core (Maven) Sep 19, 2024 withdrawn
Valid ECDSA signatures erroneously rejected in Elliptic Low
CVE-2024-48948 was published for elliptic (npm) Oct 15, 2024
martincostello IchordeDionysos
sigstore-java has vulnerability with bundle verification Moderate
CVE-2024-53267 was published for dev.sigstore:sigstore-java (Maven) Nov 26, 2024
loosebazooka
Incorrect threshold signature computation in TUF Critical
CVE-2020-6174 was published for tuf (pip) Aug 21, 2020
Keycloak vulnerable to impersonation via logout token exchange Low
CVE-2023-0657 was published for org.keycloak:keycloak-services (Maven) Apr 17, 2024
Signature forgery in Spring Boot's Loader High
CVE-2024-38807 was published for org.springframework.boot:spring-boot-loader (Maven) Aug 23, 2024
Grafana Plugin signature bypass High
CVE-2022-31123 was published for github.com/grafana/grafana (Go) May 14, 2024
Incorrect signature verification in django-ses Low
CVE-2023-33185 was published for django-ses (pip) May 22, 2023
josephsurin
Improper Verification of Cryptographic Signature in ansible Moderate
CVE-2020-14365 was published for ansible (pip) Apr 20, 2021
Bad documentation of error handling in ParseWithClaims can lead to potentially dangerous situations Low
CVE-2024-51744 was published for github.com/golang-jwt/jwt/v4 (Go) Nov 4, 2024
yuligesec
Laravel Reverb Missing API Signature Verification High
CVE-2024-50347 was published for laravel/reverb (Composer) Oct 31, 2024
RobertBoes
SaltStack Improper Verification of Cryptographic Signature High
CVE-2022-22934 was published for salt (pip) Mar 30, 2022
Improper Verification of Cryptographic Signature in starkbank-ecdsa Critical
CVE-2021-43572 was published for starkbank-ecdsa (pip) Nov 10, 2021
Improper Verification of Cryptographic Signature in PySAML2 High
CVE-2020-5390 was published for pysaml2 (pip) May 6, 2020
Python RSA allows attackers to spoof signatures Moderate
CVE-2016-1494 was published for rsa (pip) May 14, 2022
svix vulnerable to Authentication Bypass Moderate
CVE-2024-21491 was published for svix (Rust) Feb 13, 2024
Agent Dart is missing certificate verification checks High
CVE-2024-48915 was published for agent_dart (Pub) Oct 15, 2024
AlexV525
Elliptic's verify function omits uniqueness validation Low
CVE-2024-48949 was published for elliptic (npm) Oct 10, 2024
Markus-MS
SAML XML Signature wrapping in PySAML2 Moderate
CVE-2021-21238 was published for pysaml2 (pip) Jan 21, 2021
VictorSG
Improper Verification of Cryptographic Signature in PySAML2 Moderate
CVE-2021-21239 was published for pysaml2 (pip) Jan 21, 2021
bawolff
SSOReady has an XML Signature Bypass via differential XML parsing Critical
CVE-2024-47832 was published for github.com/ssoready/ssoready (Go) Oct 11, 2024
ahacker1-securesaml
OpenZeppelin Contracts contains Improper Verification of Cryptographic Signature Moderate
CVE-2023-23940 was published for openzeppelin-cairo-contracts (pip) Feb 2, 2023
Multiple cryptographic issues in Python oic High
CVE-2020-26244 was published for oic (pip) Dec 4, 2020
F3r0C17Y mladevbb
CheariX
SimpleGeo python-oauth2 does not check the nonce allowing replay attacks High
CVE-2013-4346 was published for oauth2 (pip) May 17, 2022
ProTip! Advisories are also available from the GraphQL API