Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,134
Erlang
29
GitHub Actions
19
Go
1,941
Maven
5,000+
npm
3,678
NuGet
645
pip
3,297
Pub
11
RubyGems
877
Rust
830
Swift
35
Unreviewed advisories
All unreviewed
5,000+

403 advisories

Loading
Elliptic's EDDSA missing signature length check Low
CVE-2024-42459 was published for elliptic (npm) Aug 2, 2024
BlazingWizard
An issue was discovered in litestream v0.3.13. The usage of the ssh.InsecureIgnoreHostKey()... Moderate Unreviewed
CVE-2024-41254 was published Jul 31, 2024
An issue was discovered in filestash v0.4. The usage of the ssh.InsecureIgnoreHostKey() disables... Moderate Unreviewed
CVE-2024-41258 was published Jul 31, 2024
An improper file signature check in Palo Alto Networks Cortex XDR agent may allow an attacker to... Moderate Unreviewed
CVE-2024-5912 was published Jul 10, 2024
Windows Enroll Engine Security Feature Bypass Vulnerability High Unreviewed
CVE-2024-38069 was published Jul 9, 2024
A firmware update vulnerability exists in the boa formUpload functionality of Realtek rtl819x... High Unreviewed
CVE-2023-34435 was published Jul 8, 2024
Improper verification of signature in FilterProvider prior to SMR Jul-2024 Release 1 allows local... Moderate Unreviewed
CVE-2024-20892 was published Jul 2, 2024
IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to identity spoofing by an... High Unreviewed
CVE-2024-37532 was published Jun 20, 2024
Improper verification of cryptographic signature issue exists in "FreeFrom - the nostr client"... Critical Unreviewed
CVE-2024-36277 was published Jun 17, 2024
There is a possible escalation of privilege due to improperly used crypto. This could lead to... Critical Unreviewed
CVE-2024-32911 was published Jun 13, 2024
Authlib has algorithm confusion with asymmetric public keys High
CVE-2024-37568 was published for authlib (pip) Jun 9, 2024
titon/framework vulnerable to Remote Code Execution via Chosen-Ciphertext Attack Critical
GHSA-q3jm-v27q-jfww was published for titon/framework (Composer) May 30, 2024
Improper Verification of Cryptographic Signature vulnerability in HYPR Passwordless on Windows... Unknown Unreviewed
CVE-2024-1721 was published May 21, 2024
Insufficient verification of data authenticity in the installer for Zoom Workplace VDI App for... Moderate Unreviewed
CVE-2024-27244 was published May 15, 2024
Grafana Plugin signature bypass Moderate
CVE-2022-31123 was published for github.com/grafana/grafana (Go) May 14, 2024
TYPO3 vulnerable to an Uncontrolled Resource Consumption in the ShowImageController Moderate
CVE-2024-34358 was published for typo3/cms-core (Composer) May 14, 2024
derhansen bnf
bmack
Parallels Desktop Updater Improper Verification of Cryptographic Signature Local Privilege... High Unreviewed
CVE-2023-50228 was published May 3, 2024
A fallback mechanism in code sign checking on macOS may allow arbitrary code execution. This... High Unreviewed
CVE-2024-23480 was published May 1, 2024
xml-crypto vulnerable to XML signature verification bypass due improper verification of signature/signature spoofing Critical
CVE-2024-32962 was published for xml-crypto (npm) May 1, 2024
Keycloak vulnerable to impersonation via logout token exchange Low
CVE-2023-0657 was published for org.keycloak:keycloak-services (Maven) Apr 17, 2024
Improper privilege management in the installer for Zoom Desktop Client for Windows before version... Moderate Unreviewed
CVE-2024-24694 was published Apr 9, 2024
Improper privilege management in the installer for Zoom Desktop Client for macOS before version 5... Moderate Unreviewed
CVE-2024-27247 was published Apr 9, 2024
Secure Boot Security Feature Bypass Vulnerability High Unreviewed
CVE-2024-26194 was published Apr 9, 2024
google-oauth-java-client improperly verifies cryptographic signature High
CVE-2021-22573 was published for com.google.oauth-client:google-oauth-client (Maven) Apr 9, 2024
TimurSadykov
An issue in D-Link COVR 1100, 1102, 1103 AC1200 Dual-Band Whole-Home Mesh Wi-Fi System (Hardware... High Unreviewed
CVE-2023-52043 was published Apr 4, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database