GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,077
Erlang: 29
GitHub Actions: 19
Go: 1,903
Maven: 5,000+
npm: 3,632
NuGet: 638
pip: 3,249
Pub: 10
RubyGems: 864
Rust: 818
Swift: 35

Unreviewed advisories
All unreviewed: 5,000+

926 advisories

MiniTool Movie Maker 6.1.0 contains an insecure installation process that allows attackers to...
High, Unreviewed
CVE-2023-38355 was published Sep 19, 2023

MiniTool Partition Wizard 12.8 contains an insecure update mechanism that allows attackers to...
High, Unreviewed
CVE-2023-38352 was published Sep 19, 2023

MiniTool Power Data Recovery 11.6 contains an insecure installation process that allows attackers...
High, Unreviewed
CVE-2023-38356 was published Sep 19, 2023

MiniTool Movie Maker 4.1 contains an insecure installation process that allows attackers to...
High, Unreviewed
CVE-2023-38354 was published Sep 19, 2023

An improper certification validation vulnerability in the Insider Threat Management (ITM) Agent...
High, Unreviewed
CVE-2023-4801 was published Sep 13, 2023

Anaconda 3 2023.03-1-Linux allows local users to disrupt TLS certificate validation by modifying...
Moderate, Unreviewed
CVE-2023-35845 was published Sep 11, 2023

Improper Certificate Validation in Samsung Email prior to version 6.1.82.0 allows remote attacker...
High, Unreviewed
CVE-2023-30729 was published Sep 6, 2023

Incorrect certificate validation in InvokeHTTP on Apache NiFi MiNiFi C++ versions 0.13 to 0.14...
Moderate, Unreviewed
CVE-2023-41180 was published Sep 3, 2023

An improper certificate validation vulnerability [CWE-295] in FortiManager 7.0.1 and below, 6.4.6...
Moderate, Unreviewed
CVE-2022-22305 was published Sep 1, 2023

If the MongoDB Server running on Windows or macOS is configured to use TLS with a specific set of...
High, Unreviewed
CVE-2023-1409 was published Aug 23, 2023

Apache Airflow missing Certificate Validation
Moderate
CVE-2023-39441 was published for apache-airflow (pip) Aug 23, 2023

In multiple locations, there are root CA certificates which need to be disabled. This could lead...
High, Unreviewed
CVE-2023-21265 was published Aug 14, 2023

A vulnerability was discovered in Veritas NetBackup Snapshot Manager before 10.2.0.1 that allowed...
Critical, Unreviewed
CVE-2023-40256 was published Aug 11, 2023

Sydent does not verify email server certificates
Critical
CVE-2023-38686 was published for matrix-sydent (pip) Jul 31, 2023

Improper Validation of Certificate with Host Mismatch vulnerability in Hitachi Device Manager on...
High, Unreviewed
CVE-2023-34143 was published Jul 18, 2023

If a TLS 1.3 client gets neither a PSK (pre shared key) extension nor a KSE (key share extension)...
High, Unreviewed
CVE-2023-3724 was published Jul 18, 2023

Mattermost iOS app fails to properly validate the server certificate while initializing the TLS...
High, Unreviewed
CVE-2023-3615 was published Jul 17, 2023

cryptography mishandles SSH certificates
High
CVE-2023-38325 was published for cryptography (pip) Jul 14, 2023

An improper certificate validation vulnerability exists in the BIG-IP Edge Client for Windows...
Moderate, Unreviewed
CVE-2023-24461 was published Jul 6, 2023

Dell EMC Unisphere for PowerMax versions before 9.1.0.27, Dell EMC Unisphere for PowerMax Virtual...
High, Unreviewed
CVE-2021-21548 was published Jul 6, 2023

A CWE-295: Improper Certificate Validation vulnerability exists that could cause the CAE software...
High, Unreviewed
CVE-2022-32748 was published Jul 6, 2023

A misconfiguration vulnerability exists in the urvpn_client functionality of Milesight UR32L v32...
High, Unreviewed
CVE-2023-23546 was published Jul 6, 2023

Bouncy Castle For Java LDAP injection vulnerability
Moderate
CVE-2023-33201 was published for org.bouncycastle:bcprov-debug-jdk14 (Maven) Jul 5, 2023

Keycloak vulnerable to Improper Client Certificate Validation for OAuth/OpenID clients
High
CVE-2023-2422 was published for org.keycloak:keycloak-services (Maven) Jun 30, 2023

Keycloak Untrusted Certificate Validation vulnerability
Moderate
CVE-2023-1664 was published for org.keycloak:keycloak-core (Maven) Jun 30, 2023

ProTip! Advisories are also available from the GraphQL API.