Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,333
Erlang
31
GitHub Actions
21
Go
2,094
Maven
5,000+
npm
3,759
NuGet
678
pip
3,445
Pub
12
RubyGems
892
Rust
882
Swift
37
Unreviewed advisories
All unreviewed
5,000+

435 advisories

Loading
Agent Dart is missing certificate verification checks High
CVE-2024-48915 was published for agent_dart (Pub) Oct 15, 2024
eduarddfinity AlexV525
matrix-sdk-crypto missing facility to signal rotation of a verified cryptographic identity Moderate
CVE-2024-52813 was published for matrix-sdk-crypto (Rust) Jan 7, 2025
An improper verification of cryptographic signature vulnerability was identified in GitHub... Moderate Unreviewed
CVE-2025-23369 was published Jan 21, 2025
Howyar UEFI Application "Reloader" (32-bit and 64-bit) is vulnerable to execution of unsigned... Moderate Unreviewed
CVE-2024-7344 was published Jan 14, 2025
Improper Verification of Cryptographic Signature in starkbank-ecdsa Critical
CVE-2021-43570 was published for com.starkbank.ellipticcurve:starkbank-ecdsa (Maven) Nov 10, 2021
tdunlap607 binary-1024
AWS Cloud Development Kit (AWS CDK) IAM OIDC custom resource allows connection to unauthorized OIDC provider Low
CVE-2025-23206 was published for aws-cdk-lib (npm) Jan 17, 2025
Signature forgery in Spring Boot's Loader High
CVE-2024-38807 was published for org.springframework.boot:spring-boot-loader (Maven) Aug 23, 2024
Improper signature verification in Ivanti EPM before the 2024 January-2025 Security Update and... High Unreviewed
CVE-2024-13172 was published Jan 14, 2025
Signature validation bypass in github.com/moov-io/signedxml Critical
CVE-2023-34205 was published for github.com/moov-io/signedxml (Go) May 30, 2023
Windows Cryptographic Services Security Feature Bypass Vulnerability High Unreviewed
CVE-2024-26228 was published Apr 9, 2024
Elliptic's verify function omits uniqueness validation Low
CVE-2024-48949 was published for elliptic (npm) Oct 10, 2024
Markus-MS
Improper Verification of SAML Responses Leading to Privilege Escalation in Keycloak High
CVE-2024-8698 was published for org.keycloak:keycloak-saml-core (Maven) Oct 14, 2024
Chetven
Duplicate Advisory: Keycloak SAML signature validation flaw Moderate
GHSA-4xx7-2cx3-x473 was published for org.keycloak:keycloak-saml-core (Maven) Sep 19, 2024 withdrawn
Valid ECDSA signatures erroneously rejected in Elliptic Low
CVE-2024-48948 was published for elliptic (npm) Oct 15, 2024
martincostello IchordeDionysos
A library injection vulnerability exists in Microsoft Outlook 16.83.3 for macOS. A specially... High Unreviewed
CVE-2024-42220 was published Dec 19, 2024
A library injection vulnerability exists in the com.microsoft.teams2.modulehost.app helper app of... High Unreviewed
CVE-2024-41138 was published Dec 19, 2024
A library injection vulnerability exists in the WebView.app helper app of Microsoft Teams (work... High Unreviewed
CVE-2024-41145 was published Dec 19, 2024
A library injection vulnerability exists in Microsoft PowerPoint 16.83 for macOS. A specially... High Unreviewed
CVE-2024-39804 was published Dec 19, 2024
A library injection vulnerability exists in Microsoft Teams (work or school) 24046.2813.2770.1094... High Unreviewed
CVE-2024-42004 was published Dec 19, 2024
A library injection vulnerability exists in Microsoft Excel 16.83 for macOS. A specially crafted... High Unreviewed
CVE-2024-43106 was published Dec 19, 2024
A library injection vulnerability exists in Microsoft Word 16.83 for macOS. A specially crafted... High Unreviewed
CVE-2024-41165 was published Dec 19, 2024
A library injection vulnerability exists in Microsoft OneNote 16.83 for macOS. A specially... High Unreviewed
CVE-2024-41159 was published Dec 19, 2024
StorageGRID (formerly StorageGRID Webscale) versions prior to 11.7.0.9 and 11.8.0.5 are... Moderate Unreviewed
CVE-2024-21988 was published Jun 15, 2024
Dell RecoverPoint for Virtual Machines 6.0.x contains an OS Command injection vulnerability. A... High Unreviewed
CVE-2024-22461 was published Dec 13, 2024
sigstore-java has vulnerability with bundle verification Moderate
CVE-2024-53267 was published for dev.sigstore:sigstore-java (Maven) Nov 26, 2024
loosebazooka
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database