Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

478 advisories

Loading
** DISPUTED ** An issue was discovered in RIPE NCC RPKI Validator 3.x through 3.1-2020.07.06.14... Moderate Unreviewed
CVE-2020-16162 was published May 24, 2022
CertificatePinner.java in OkHttp 3.x through 3.12.0 allows man-in-the-middle attackers to bypass... Moderate Unreviewed
CVE-2018-20200 was published May 24, 2022
Improper Certificate Validation in apache HttpClient Moderate
CVE-2012-5783 was published for commons-httpclient:commons-httpclient (Maven) May 13, 2022
ebickle
Improper Certificate Validation in Node.js 10, 12, and 13 causes the process to abort when... Moderate Unreviewed
CVE-2019-15604 was published May 24, 2022
Apache Airflow missing Certificate Validation Moderate
CVE-2023-39441 was published for apache-airflow (pip) Aug 23, 2023
sunSUNQ
Cloud Foundry vulnerable to Improper Certificate Validation Moderate
CVE-2016-5016 was published for org.cloudfoundry.identity:cloudfoundry-identity-server (Maven) May 14, 2022
sunSUNQ
Moderate severity vulnerability that affects Microsoft.AspNetCore.Mvc and Microsoft.AspNetCore.Mvc.Core Moderate
CVE-2017-0248 was published for Microsoft.AspNetCore.Mvc (NuGet) Oct 16, 2018
Improper validation of the cloud certificate chain in Mobile Client allows man-in-the-middle... Moderate Unreviewed
CVE-2021-23155 was published Nov 19, 2021
FilesAnywhere does not verify that the server hostname matches a domain name in the subject's... Moderate Unreviewed
CVE-2012-5819 was published May 17, 2022
The contribution feature in Zamboni does not verify that the server hostname matches a domain... Moderate Unreviewed
CVE-2012-5822 was published May 17, 2022
Mozilla Network Security Services (NSS) before 3.12.3, Firefox before 3.0.13, Thunderbird before... Moderate Unreviewed
CVE-2009-2408 was published May 2, 2022
Apache Tomcat affected by vulnerability in TLS and SSL protocol Moderate
CVE-2009-3555 was published for org.apache.tomcat:tomcat (Maven) May 2, 2022
MarkLee131 sunSUNQ
The _gnutls_x509_verify_certificate function in lib/x509/verify.c in libgnutls in GnuTLS before 2... Moderate Unreviewed
CVE-2008-4989 was published May 14, 2022
In Splunk Add-on Builder (AoB) versions below 4.1.2 and the Splunk CloudConnect SDK versions... Moderate Unreviewed
CVE-2023-22943 was published Feb 14, 2023
An improper certificate validation vulnerability in Fortinet FortiOS 7.0.0 - 7.0.13, 7.2.0 - 7.2... Moderate Unreviewed
CVE-2023-47537 was published Feb 15, 2024
The Chase mobile banking application for Android does not verify that the server hostname matches... Moderate Unreviewed
CVE-2012-5810 was published May 17, 2022
Improper Certificate Validation in MongoDB Moderate
CVE-2021-20328 was published for org.mongodb:mongo-java-driver (Maven) May 24, 2022
The LDAP client on Microsoft Windows 2000 before Update Rollup 1 for SP4 accepts certificates... Moderate Unreviewed
CVE-2005-3170 was published May 1, 2022
SpliceCom Maximiser Soft PBX v1.5 and before was discovered to utilize a default SSL certificate.... Moderate Unreviewed
CVE-2023-33760 was published Jan 25, 2024
A lack of SSL certificate validation in Splicecom iPCS (iOS App) v1.3.4, iPCS2 (iOS App) v2.8 and... Moderate Unreviewed
CVE-2023-33757 was published Jan 25, 2024
The SSLVerifySignedServerKeyExchange function in libsecurity_ssl/lib/sslKeyExchange.c in the... Moderate Unreviewed
CVE-2014-1266 was published May 14, 2022
Lynx does not verify that the server's certificate is signed by a trusted certification authority... Moderate Unreviewed
CVE-2012-5821 was published May 17, 2022
Opera before 10.00 does not check all intermediate X.509 certificates for revocation, which makes... Moderate Unreviewed
CVE-2009-3046 was published May 2, 2022
The Certificate Trust Policy component in Apple Mac OS X before 10.6.8 does not perform CRL... Moderate Unreviewed
CVE-2011-0199 was published May 17, 2022
IBM SAN Volume Controller, IBM Storwize, IBM FlashSystem and IBM Storage Virtualize 8.6 products... Moderate Unreviewed
CVE-2023-47700 was published Feb 7, 2024
ProTip! Advisories are also available from the GraphQL API