Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,958
Erlang
29
GitHub Actions
16
Go
1,745
Maven
4,971
npm
3,507
NuGet
609
pip
3,066
Pub
10
RubyGems
832
Rust
780
Swift
34
Unreviewed advisories
All unreviewed
5,000+

7 advisories

In Bouncy Castle JCE Provider it is possible to inject extra elements in the sequence making up the signature and still have it validate High
CVE-2016-1000338 was published for org.bouncycastle:bcprov-jdk14 (Maven) Oct 17, 2018
AndrzejBiernacki2010 SunBK201
In Bouncy Castle JCE Provider ECDSA does not fully validate ASN.1 encoding of signature on verification High
CVE-2016-1000342 was published for org.bouncycastle:bcprov-jdk14 (Maven) Oct 17, 2018
In Bouncy Castle JCE Provider the DSA key pair generator generates a weak private key if used with default values High
CVE-2016-1000343 was published for org.bouncycastle:bcprov-jdk14 (Maven) Oct 17, 2018
When decoding data out of a dataset encoded with the H5Z_NBIT decoding, the HDF5 1.8.16 library... High Unreviewed
CVE-2016-4331 was published May 17, 2022
In the HDF5 1.8.16 library's failure to check if the number of dimensions for an array read from... High Unreviewed
CVE-2016-4330 was published May 17, 2022
The HDF5 1.8.16 library allocating space for the array using a value from the file has an impact... High Unreviewed
CVE-2016-4333 was published May 17, 2022
The library's failure to check if certain message types support a particular flag, the HDF5 1.8... High Unreviewed
CVE-2016-4332 was published May 17, 2022
ProTip! Advisories are also available from the GraphQL API