Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,411
Erlang
33
GitHub Actions
22
Go
2,146
Maven
5,000+
npm
3,808
NuGet
687
pip
3,481
Pub
12
RubyGems
897
Rust
899
Swift
38
Unreviewed advisories
All unreviewed
5,000+

12 advisories

Loading
Home Assistant does not correctly validate SSL for outgoing requests in core and used libs High
CVE-2025-25305 was published for homeassistant (pip) Feb 18, 2025
ReneNulschDE
SaltStack Improper Verification of Cryptographic Signature High
CVE-2022-22934 was published for salt (pip) Mar 30, 2022
Improper Verification of Cryptographic Signature in PySAML2 High
CVE-2020-5390 was published for pysaml2 (pip) May 6, 2020
Multiple cryptographic issues in Python oic High
CVE-2020-26244 was published for oic (pip) Dec 4, 2020
F3r0C17Y mladevbb
CheariX
SimpleGeo python-oauth2 does not check the nonce allowing replay attacks High
CVE-2013-4346 was published for oauth2 (pip) May 17, 2022
Improper Verification of Cryptographic Signature in matrix-synapse High
CVE-2019-18835 was published for matrix-synapse (pip) May 24, 2022
westonsteimel
Improper Verification of Cryptographic Signature in fastecdsa High
CVE-2020-12607 was published for fastecdsa (pip) Oct 12, 2021
Gentoo Portage missing PGP validation of executed code High
CVE-2016-20021 was published for portage (pip) Jan 12, 2024
Hyperledger Indy's update process of a DID does not check who signs the request High
CVE-2020-11093 was published for indy-node (pip) Aug 30, 2024
alexandredeleze
Authlib has algorithm confusion with asymmetric public keys High
CVE-2024-37568 was published for authlib (pip) Jun 9, 2024
Matrix Synapse Improper Signature Validation High
CVE-2018-16515 was published for matrix-synapse (pip) May 13, 2022
Signature verification vulnerability in Stark Bank ecdsa libraries High
GHSA-9wx7-jrvc-28mm was published for com.starkbank:ecdsa-java (Maven) Nov 8, 2021
tdunlap607
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database