GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
368 advisories
cryptography mishandles SSH certificates
High · CVE-2023-38325 was published for cryptography (pip) · Jul 14, 2023

Improper Certificate Validation in blackduck
High · CVE-2020-27589 was published for blackduck (pip) · Apr 20, 2021

Apache Libcloud does not verify SSL certificates for HTTPS connections
High · CVE-2010-4340 was published for apache-libcloud (pip) · May 17, 2022

An improper certificate validation vulnerability in TLS certificate validation allows an attacker...
High · Unreviewed · CVE-2024-40714 was published · Sep 7, 2024

Filestash configured to skip TLS certificate verification when using the FTPS protocol
High · CVE-2024-41255 was published for github.com/mickael-kerjean/filestash (Go) · Jul 31, 2024

Improper Certificate Validation in Apache Airflow
High · CVE-2018-20245 was published for apache-airflow (pip) · Jan 25, 2019

Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an...
High · Unreviewed · CVE-2024-41996 was published · Aug 26, 2024

A flaw was found in the Red Hat OpenStack Platform (RHOSP) director. This vulnerability allows an...
High · Unreviewed · CVE-2024-8007 was published · Aug 21, 2024

An issue was discovered on certain Nuki Home Solutions devices. Lack of certificate validation on...
High · Unreviewed · CVE-2022-32509 was published · May 14, 2024

Improper certificate validation in Ivanti ITSM on-prem and Neurons for ITSM Versions 2023.4 and...
High · Unreviewed · CVE-2024-7570 was published · Aug 13, 2024

Filestash skips TLS certificate verification process when sending out email verification codes
High · CVE-2024-41256 was published for github.com/mickael-kerjean/filestash (Go) · Jul 31, 2024

electron-updater Code Signing Bypass on Windows
High · CVE-2024-39698 was published for electron-updater (npm) · Jul 9, 2024

Beego privilege escalation vulnerability
High · CVE-2024-40464 was published for github.com/beego/beego/v2 (Go) · Jul 31, 2024

Certificate Validation user interface in LibreOffice allows potential vulnerability. Signed...
High · Unreviewed · CVE-2024-6472 was published · Aug 5, 2024

In ca-certificates, there is a possible way to read encrypted TLS data due to untrusted...
High · Unreviewed · CVE-2023-40104 was published · Feb 16, 2024

An issue was discovered in BeyondTrust Privilege Management for Windows through 5.6. If the...
High · Unreviewed · CVE-2020-12614 was published · Dec 12, 2023

Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers...
High · Unreviewed · CVE-2022-20703 was published · Feb 11, 2022

The TLS certificate validation code is flawed. An attacker can obtain a TLS certificate from the...
High · Unreviewed · CVE-2024-28872 was published · Jul 11, 2024

An improper certificate validation vulnerability [CWE-295] in FortiADC 7.4.0, 7.2.0 through 7.2.3...
High · Unreviewed · CVE-2023-50178 was published · Jul 9, 2024

CPAN.pm before 2.35 does not verify TLS certificates when downloading distributions over HTTPS.
High · Unreviewed · CVE-2023-31484 was published · Apr 29, 2023

A security vulnerability has been identified in all supported versions of OpenSSL related to the...
High · Unreviewed · CVE-2023-0464 was published · Mar 22, 2023

A vulnerability exists in the FOXMAN-UN/UNEM server that affects the message queueing mechanism...
High · Unreviewed · CVE-2024-28021 was published · Jun 11, 2024

Under certain configurations of --tlsCAFile and tls.CAFile, MongoDB Server may skip peer...
High · Unreviewed · CVE-2024-1351 was published · Mar 7, 2024

Incorrect TLS certificate auth method in Vault
High · CVE-2024-2048 was published for github.com/hashicorp/vault (Go) · Mar 4, 2024

Due to improper validation of certificate in SAP Cloud Connector - version 2.0, attacker can...
High · Unreviewed · CVE-2024-25642 was published · Feb 13, 2024