GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,077
Erlang: 29
GitHub Actions: 19
Go: 1,903
Maven: 5,000+
npm: 3,632
NuGet: 638
pip: 3,249
Pub: 10
RubyGems: 864
Rust: 818
Swift: 35
Unreviewed advisories
All unreviewed: 5,000+
478 advisories
An Improper Certificate Validation vulnerability in the Schweitzer Engineering Laboratories...
Moderate | Unreviewed | CVE-2023-31151 was published May 10, 2023
IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0, and IBM WebSphere Application Server Liberty...
Moderate | Unreviewed | CVE-2022-39161 was published May 3, 2023
GitLab::API::v4 through 0.26 does not verify TLS certificates when connecting to a GitLab server,...
Moderate | Unreviewed | CVE-2023-31485 was published Apr 29, 2023
An issue was discovered in x509/x509_verify.c in LibreSSL before 3.6.1, and in OpenBSD before 7.2...
Moderate | Unreviewed | CVE-2022-48437 was published Apr 12, 2023
jxbrowser in TI Code Composer Studio IDE 8.x through 10.x before 10.1.1 does not verify X.509...
Moderate | Unreviewed | CVE-2021-3285 was published May 24, 2022
GNOME Geary before 3.36.3 mishandles pinned TLS certificate verification for IMAP and SMTP...
Moderate | Unreviewed | CVE-2020-24661 was published May 24, 2022
The boost ASIO wrapper in net/asio.cpp in Pichi before 1.3.0 lacks TLS hostname verification.
Moderate | Unreviewed | CVE-2020-13616 was published May 24, 2022
A missing secure communication definition and an incomplete TLS validation in the upgrade service...
Moderate | Unreviewed | CVE-2019-19101 was published May 24, 2022
In MailStore Outlook Add-in (and Email Archive Outlook Add-in) through 12.1.2, the login process...
Moderate | Unreviewed | CVE-2020-11806 was published May 24, 2022
The Audible application through 2.34.0 for Android has Missing SSL Certificate Validation,...
Moderate | Unreviewed | CVE-2019-11554 was published May 24, 2022
Man-in-the-middle vulnerability in Micro Focus Self Service Password Reset, affecting all...
Moderate | Unreviewed | CVE-2019-11674 was published May 24, 2022
It was discovered that Dovecot before versions 2.2.36.1 and 2.3.4.1 incorrectly handled client...
Moderate | Unreviewed | CVE-2019-3814 was published May 24, 2022
Clustered Data ONTAP versions 9.0 and higher do not enforce hostname verification under certain...
Moderate | Unreviewed | CVE-2019-5506 was published May 24, 2022
Limesurvey before 3.17.14 does not enforce SSL/TLS usage in the default configuration.
Moderate | Unreviewed | CVE-2019-16179 was published May 24, 2022
A vulnerability in Cisco Webex Meetings Mobile (iOS) could allow an unauthenticated, remote...
Moderate | Unreviewed | CVE-2019-1948 was published May 24, 2022
The SIP TLS module of Huawei CloudLink Phone 7900 with V600R019C10 has a TLS certificate...
Moderate | Unreviewed | CVE-2019-5280 was published May 24, 2022
In cPanel before 62.0.4, WHM SSL certificate generation uses an unreserved e-mail address (SEC-209).
Moderate | Unreviewed | CVE-2017-18479 was published May 24, 2022
A vulnerability exists where it is possible to force Network Security Services (NSS) to sign...
Moderate | Unreviewed | CVE-2019-11727 was published May 24, 2022
A vulnerability in the Web Services Management Agent (WSMA) feature of Cisco Industrial Network...
Moderate | Unreviewed | CVE-2019-1940 was published May 24, 2022
Mailvelope prior to 3.3.0 accepts or operates with invalid PGP public keys: Mailvelope allows...
Moderate | Unreviewed | CVE-2019-9148 was published May 24, 2022
Citrix SD-WAN 10.2.x before 10.2.1 and NetScaler SD-WAN 10.0.x before 10.0.7 have Improper...
Moderate | Unreviewed | CVE-2019-11550 was published May 24, 2022
Cisco IronPort Web Security Appliance does not check for certificate revocation which could lead...
Moderate | Unreviewed | CVE-2012-1316 was published Apr 23, 2022
Mozilla Firefox prior to 3.6 has a DoS vulnerability due to an issue in the validation of...
Moderate | Unreviewed | CVE-2011-2669 was published Apr 22, 2022
dirmngr before 2.1.0 improperly handles certain system calls, which allows remote attackers to...
Moderate | Unreviewed | CVE-2011-2207 was published Apr 22, 2022
** DISPUTED ** An issue was discovered in RIPE NCC RPKI Validator 3.x before 3.1-2020.07.06.14.28...
Moderate | Unreviewed | CVE-2020-16163 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API.