Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,189
Erlang
31
GitHub Actions
19
Go
1,985
Maven
5,000+
npm
3,701
NuGet
657
pip
3,326
Pub
11
RubyGems
882
Rust
836
Swift
35
Unreviewed advisories
All unreviewed
5,000+

953 advisories

Loading
The httplib and urllib Python libraries that Splunk shipped with Splunk Enterprise did not... Critical Unreviewed
CVE-2022-32151 was published Jun 16, 2022
An issue was discovered in Mbed TLS before 2.24.0. The verification of X.509 certificates when... Moderate Unreviewed
CVE-2020-36477 was published May 24, 2022
Fibaro Home Center 2 and Lite devices with firmware version 4.600 and older initiate SSH... Moderate Unreviewed
CVE-2021-20989 was published May 24, 2022
The crypto/tls package of Go through 1.16.5 does not properly assert that the type of public key... Moderate Unreviewed
CVE-2021-34558 was published May 24, 2022
Multiple vulnerabilities vulnerability in Drupal SAML SP 2.0 Single Sign On (SSO) - SAML Service... High Unreviewed
CVE-2022-26493 was published Jun 4, 2022
Devolutions Server before 2021.1.18, and LTS before 2020.3.20, allows attackers to intercept... Moderate Unreviewed
CVE-2021-36382 was published May 24, 2022
In Splunk Enterprise and Universal Forwarder versions before 9.0, the Splunk command-line... Critical Unreviewed
CVE-2022-32156 was published Jun 16, 2022
An issue was discovered in Pidgin before 2.14.9. A remote attacker who can spoof DNS responses... Moderate Unreviewed
CVE-2022-26491 was published Jun 3, 2022
Due to the Asset Explorer agent not validating HTTPS certificates, an attacker on the network can... High Unreviewed
CVE-2021-20109 was published May 24, 2022
Due to Manage Engine Asset Explorer Agent 1.0.34 not validating HTTPS certificates, an attacker... Critical Unreviewed
CVE-2021-20110 was published May 24, 2022
Accepting arbitrary Subject Alternative Name (SAN) types, unless a PKI is specifically defined to... High Unreviewed
CVE-2021-44531 was published Feb 25, 2022
Dell EMC NetWorker versions 19.1.x, 19.1.0.x, 19.1.1.x, 19.2.x, 19.2.0.x, 19.2.1.x 19.3.x, 19.3.0... Moderate Unreviewed
CVE-2022-29082 was published May 27, 2022
An issue was discovered in Octopus Deploy 3.4. A deployment target can be configured with an... Moderate Unreviewed
CVE-2020-16197 was published May 24, 2022
An issue was discovered in ssl.c in Axel before 2.17.8. The TLS implementation lacks hostname... Moderate Unreviewed
CVE-2020-13614 was published May 24, 2022
A certificate parsing issue was addressed with improved checks. This issue is fixed in tvOS 15.5,... Moderate Unreviewed
CVE-2022-26766 was published May 27, 2022
An issue was discovered in Keyfactor PrimeKey EJBCA before 7.9.0, related to possible... Critical Unreviewed
CVE-2022-34831 was published Sep 15, 2022
Skip the router TLS configuration when the host header is an FQDN High
CVE-2022-23632 was published for github.com/traefik/traefik/v2 (Go) Feb 16, 2022
bawolff
Oracle MySQL before 5.7.3, Oracle MySQL Connector/C (aka libmysqlclient) before 6.1.3, and... Moderate Unreviewed
CVE-2015-3152 was published May 14, 2022
Node.js < 12.22.9, < 14.18.3, < 16.13.2, and < 17.3.1 converts SANs (Subject Alternative Names)... Moderate Unreviewed
CVE-2021-44532 was published Feb 25, 2022
In spring cloud gateway versions prior to 3.1.1+ , applications that are configured to enable... Moderate Unreviewed
CVE-2022-22946 was published Mar 5, 2022
"Vault and Vault Enterprise 1.8.0 through 1.8.8, and 1.9.3 allowed the PKI secrets engine under... Moderate Unreviewed
CVE-2022-25243 was published Mar 11, 2022
Improper Certificate Validation in Jenkins Moderate
CVE-2017-1000396 was published for org.jenkins-ci.main:jenkins-core (Maven) May 14, 2022
A vulnerability in the Secure Sockets Layer (SSL) Virtual Private Network (VPN) Client... High Unreviewed
CVE-2018-0227 was published May 13, 2022
An exploitable vulnerability exists in the HTTP client functionality of the Webroot BrightCloud... High Unreviewed
CVE-2018-4015 was published May 13, 2022
Improper Certificate Validation in Shibboleth Identity Provider and OpenSAML Moderate
CVE-2015-1796 was published for edu.internet2.middleware:shibboleth-identityprovider (Maven) May 17, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database