GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
352 advisories
Filter by severity
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. The issue...
High
Unreviewed
CVE-2017-2498
was published
May 17, 2022
Pulp before 2.3.0 uses the same the same certificate authority key and certificate for all...
High
Unreviewed
CVE-2013-7450
was published
May 17, 2022
In Lenovo Service Bridge before version 4, a bug found in the signature verification logic of the...
High
Unreviewed
CVE-2016-8231
was published
May 17, 2022
Argo CD certificate verification is skipped for connections to OIDC providers
High
CVE-2022-31105
was published
for
github.com/argoproj/argo-cd
(Go)
Jul 12, 2022
WebSocket.swift in Starscream before 2.0.4 allows an SSL Pinning bypass because of incorrect...
High
Unreviewed
CVE-2017-7192
was published
May 17, 2022
Shoplat App for iOS 1.10.00 through 1.18.00 does not properly verify SSL certificates.
High
Unreviewed
CVE-2016-1132
was published
May 17, 2022
Late TLS certificate verification in WebKitGTK+ prior to 2.6.6 allows remote attackers to view a...
High
Unreviewed
CVE-2015-2330
was published
May 17, 2022
Acceptance of invalid/self-signed TLS certificates in "Foxit PDF - PDF reader, editor, form,...
High
Unreviewed
CVE-2017-8059
was published
May 17, 2022
WebSocket.swift in Starscream before 2.0.4 allows an SSL Pinning bypass because pinning occurs in...
High
Unreviewed
CVE-2017-5887
was published
May 17, 2022
When connecting to Amazon Workspaces, the SHA256 presented by AWS connection provisioner is not...
High
Unreviewed
CVE-2022-1805
was published
Jul 29, 2022
IBM QRadar SIEM 7.3, 7.4, and 7.5 does not preform proper certificate validation for some inter...
High
Unreviewed
CVE-2021-29755
was published
Jul 21, 2022
A vulnerability in the SSL/TLS implementation of Cisco Nexus Dashboard could allow an...
High
Unreviewed
CVE-2022-20860
was published
Jul 22, 2022
Cloud Mobility for Dell EMC Storage, versions 1.3.0.X and below contains an Improper Check for...
High
Unreviewed
CVE-2023-23690
was published
Jan 19, 2023
On Darwin, user's trust preferences for root certificates were not honored. If the user had a...
High
Unreviewed
CVE-2017-1000097
was published
May 14, 2022
When a TLS Certificate error occurs on a domain protected by the HSTS header, the browser should...
High
Unreviewed
CVE-2022-34469
was published
Dec 22, 2022
In rfb/CSecurityTLS.cxx and rfb/CSecurityTLS.java in TigerVNC before 1.11.0, viewers mishandle...
High
Unreviewed
CVE-2020-26117
was published
May 24, 2022
The Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.10.0...
High
Unreviewed
CVE-2022-22787
was published
May 19, 2022
Apache Pulsar Disabled Certificate Validation for OAuth Client Credential Requests makes C++/Python Clients vulnerable to MITM attack
High
CVE-2022-33684
was published
for
pulsar-client
(pip)
Nov 4, 2022
The ABB CP635 HMI uses two different transmission methods to upgrade its firmware and its...
High
Unreviewed
CVE-2019-7229
was published
May 24, 2022
python-scciclient vulnerable to Man-in-the-middle (MITM) attacks
High
CVE-2022-2996
was published
for
python-scciclient
(pip)
Sep 2, 2022
In LemonLDAP::NG (aka lemonldap-ng) through 2.0.8, validity of the X.509 certificate is not...
High
Unreviewed
CVE-2020-16093
was published
Jul 19, 2022
Odyssey passes to server unencrypted bytes from man-in-the-middle When Odyssey is configured to...
High
Unreviewed
CVE-2021-43766
was published
Aug 26, 2022
In versions 15.0.0-15.1.0.1, 14.1.0-14.1.2.3, 13.1.0-13.1.3.4, 12.1.0-12.1.5.1, and 11.6.1-11.6.5...
High
Unreviewed
CVE-2020-5913
was published
May 24, 2022
libldap in certain third-party OpenLDAP packages has a certificate-validation flaw when the third...
High
Unreviewed
CVE-2020-15719
was published
May 24, 2022
VMware vCenter Server (6.7 before 6.7u3, 6.6 before 6.5u3k) contains a session hijack...
High
Unreviewed
CVE-2020-3994
was published
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API