Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

478 advisories

Loading
CS2 Network P2P through 3.x, as used in millions of Internet of Things devices, suffers from an... Moderate Unreviewed
CVE-2020-9525 was published May 24, 2022
In GNOME glib-networking through 2.64.2, the implementation of GTlsClientConnection skips... Moderate Unreviewed
CVE-2020-13645 was published May 24, 2022
TLS session reuse can lead to host certificate verification bypass in node version < 12.18.0 and ... Moderate Unreviewed
CVE-2020-8172 was published May 24, 2022
Improper Certificate Validation in Microsoft .NET Framework components Moderate
CVE-2018-8356 was published for System.Private.ServiceModel (NuGet) May 14, 2022
florelis skofman1
A missing verification of the TLS host in Nextcloud Mail 1.1.3 allowed a man in the middle attack. Moderate Unreviewed
CVE-2020-8156 was published May 24, 2022
An issue was discovered in Pulse Secure Pulse Connect Secure (PCS) through 2020-04-06. The applet... Moderate Unreviewed
CVE-2020-11580 was published May 24, 2022
Odyssey passes to client unencrypted bytes from man-in-the-middle When Odyssey storage is... Moderate Unreviewed
CVE-2021-43767 was published Aug 26, 2022
An issue was discovered in openfortivpn 1.11.0 when used with OpenSSL 1.0.2 or later. tunnel.c... Moderate Unreviewed
CVE-2020-7042 was published May 24, 2022
Apache Pulsar Broker, Proxy, and WebSocket Proxy vulnerable to Improper Certificate Validation Moderate
CVE-2022-33682 was published for org.apache.pulsar:pulsar-broker (Maven) Sep 25, 2022
Apache Pulsar Java Client vulnerable to Improper Certificate Validation Moderate
CVE-2022-33681 was published for org.apache.pulsar:pulsar-client (Maven) Sep 25, 2022
Sensitive information disclosure vulnerability resulting from a lack of certificate validation... Moderate Unreviewed
CVE-2019-5537 was published May 24, 2022
An exploitable information leak vulnerability exists in the ustream-ssl library of OpenWrt,... Moderate Unreviewed
CVE-2019-5101 was published May 24, 2022
Sensitive information disclosure vulnerability resulting from a lack of certificate validation... Moderate Unreviewed
CVE-2019-5538 was published May 24, 2022
An exploitable information leak vulnerability exists in the ustream-ssl library of OpenWrt,... Moderate Unreviewed
CVE-2019-5102 was published May 24, 2022
An issue was discovered on D-Link 6600-AP, DWL-3600AP, and DWL-8610AP Ax 4.2.0.14 21/03/2019... Moderate Unreviewed
CVE-2019-14334 was published May 24, 2022
Traefik routes exposed with an empty TLSOption Moderate
CVE-2022-46153 was published for github.com/traefik/traefik/v2 (Go) Dec 8, 2022
IBM Sterling Secure Proxy 6.0.3 and IBM Secure External Authentication Server 6.0.3 does not... Moderate Unreviewed
CVE-2021-29726 was published May 18, 2022
A vulnerability was found in HTC One/Sense 4.x. It has been rated as problematic. Affected by... Moderate Unreviewed
CVE-2013-10001 was published May 18, 2022
Jenkins CollabNet Plugin man in the middle vulnerability Moderate
CVE-2018-1000605 was published for org.jenkins-ci.plugins:collabnet (Maven) May 14, 2022
The Smart Call Home (SCH) implementation in Cisco ASA Software 8.2 before 8.2(5.50), 8.4 before 8... Moderate Unreviewed
CVE-2014-3394 was published May 17, 2022
If the user added a security exception for an invalid TLS certificate, opened an ongoing TLS... Moderate Unreviewed
CVE-2022-45419 was published Dec 22, 2022
An issue was discovered in NLnet Labs Routinator 0.1.0 through 0.7.1. It allows remote attackers... Moderate Unreviewed
CVE-2020-17366 was published May 24, 2022
The ThreatTrack VIPRE Password Vault app through 1.100.1090 for iOS has Missing SSL Certificate... Moderate Unreviewed
CVE-2020-14981 was published May 24, 2022
The Sophos Secure Email application through 3.9.4 for Android has Missing SSL Certificate... Moderate Unreviewed
CVE-2020-14980 was published May 24, 2022
The default configuration of Fortinet Fortigate UTM appliances uses the same Certification... Moderate Unreviewed
CVE-2012-4948 was published May 17, 2022
ProTip! Advisories are also available from the GraphQL API