GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
478 advisories
CS2 Network P2P through 3.x, as used in millions of Internet of Things devices, suffers from an...
Moderate | Unreviewed | CVE-2020-9525 was published May 24, 2022
In GNOME glib-networking through 2.64.2, the implementation of GTlsClientConnection skips...
Moderate | Unreviewed | CVE-2020-13645 was published May 24, 2022
TLS session reuse can lead to host certificate verification bypass in node version < 12.18.0 and ...
Moderate | Unreviewed | CVE-2020-8172 was published May 24, 2022
Improper Certificate Validation in Microsoft .NET Framework components
Moderate | CVE-2018-8356 was published for System.Private.ServiceModel (NuGet) May 14, 2022
A missing verification of the TLS host in Nextcloud Mail 1.1.3 allowed a man in the middle attack.
Moderate | Unreviewed | CVE-2020-8156 was published May 24, 2022
An issue was discovered in Pulse Secure Pulse Connect Secure (PCS) through 2020-04-06. The applet...
Moderate | Unreviewed | CVE-2020-11580 was published May 24, 2022
Odyssey passes to client unencrypted bytes from man-in-the-middle When Odyssey storage is...
Moderate | Unreviewed | CVE-2021-43767 was published Aug 26, 2022
An issue was discovered in openfortivpn 1.11.0 when used with OpenSSL 1.0.2 or later. tunnel.c...
Moderate | Unreviewed | CVE-2020-7042 was published May 24, 2022
Apache Pulsar Broker, Proxy, and WebSocket Proxy vulnerable to Improper Certificate Validation
Moderate | CVE-2022-33682 was published for org.apache.pulsar:pulsar-broker (Maven) Sep 25, 2022
Apache Pulsar Java Client vulnerable to Improper Certificate Validation
Moderate | CVE-2022-33681 was published for org.apache.pulsar:pulsar-client (Maven) Sep 25, 2022
Sensitive information disclosure vulnerability resulting from a lack of certificate validation...
Moderate | Unreviewed | CVE-2019-5537 was published May 24, 2022
An exploitable information leak vulnerability exists in the ustream-ssl library of OpenWrt,...
Moderate | Unreviewed | CVE-2019-5101 was published May 24, 2022
Sensitive information disclosure vulnerability resulting from a lack of certificate validation...
Moderate | Unreviewed | CVE-2019-5538 was published May 24, 2022
An exploitable information leak vulnerability exists in the ustream-ssl library of OpenWrt,...
Moderate | Unreviewed | CVE-2019-5102 was published May 24, 2022
An issue was discovered on D-Link 6600-AP, DWL-3600AP, and DWL-8610AP Ax 4.2.0.14 21/03/2019...
Moderate | Unreviewed | CVE-2019-14334 was published May 24, 2022
Traefik routes exposed with an empty TLSOption
Moderate | CVE-2022-46153 was published for github.com/traefik/traefik/v2 (Go) Dec 8, 2022
IBM Sterling Secure Proxy 6.0.3 and IBM Secure External Authentication Server 6.0.3 does not...
Moderate | Unreviewed | CVE-2021-29726 was published May 18, 2022
A vulnerability was found in HTC One/Sense 4.x. It has been rated as problematic. Affected by...
Moderate | Unreviewed | CVE-2013-10001 was published May 18, 2022
Jenkins CollabNet Plugin man in the middle vulnerability
Moderate | CVE-2018-1000605 was published for org.jenkins-ci.plugins:collabnet (Maven) May 14, 2022
The Smart Call Home (SCH) implementation in Cisco ASA Software 8.2 before 8.2(5.50), 8.4 before 8...
Moderate | Unreviewed | CVE-2014-3394 was published May 17, 2022
If the user added a security exception for an invalid TLS certificate, opened an ongoing TLS...
Moderate | Unreviewed | CVE-2022-45419 was published Dec 22, 2022
An issue was discovered in NLnet Labs Routinator 0.1.0 through 0.7.1. It allows remote attackers...
Moderate | Unreviewed | CVE-2020-17366 was published May 24, 2022
The ThreatTrack VIPRE Password Vault app through 1.100.1090 for iOS has Missing SSL Certificate...
Moderate | Unreviewed | CVE-2020-14981 was published May 24, 2022
The Sophos Secure Email application through 3.9.4 for Android has Missing SSL Certificate...
Moderate | Unreviewed | CVE-2020-14980 was published May 24, 2022
The default configuration of Fortinet Fortigate UTM appliances uses the same Certification...
Moderate | Unreviewed | CVE-2012-4948 was published May 17, 2022
ProTip! Advisories are also available from the GraphQL API