GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
352 advisories
Jenkins Active Directory Plugin did not verify certificate of AD server
High | CVE-2017-2649 was published for org.jenkins-ci.plugins:active-directory (Maven) on May 13, 2022
Jenkins Inedo ProGet Plugin globally and unconditionally disabled SSL/TLS certificate validation
High | CVE-2018-1999034 was published for com.inedo.proget:inedo-proget (Maven) on May 14, 2022
Jenkins Inedo BuildMaster Plugin globally and unconditionally disabled SSL/TLS certificate validation
High | CVE-2018-1999035 was published for com.inedo.buildmaster:inedo-buildmaster (Maven) on May 14, 2022
SSL/TLS certificate validation globally and unconditionally disabled by Jenkins WebSphere Deployer Plugin
High | CVE-2019-16561 was published for org.jenkins-ci.plugins:websphere-deployer (Maven) on May 24, 2022
hammer_cli_foreman Improper Certificate Validation vulnerability
High | CVE-2017-2667 was published for hammer_cli_foreman (RubyGems) on May 13, 2022
A privilege escalation vulnerability was reported in Lenovo Vantage that could allow a local...
High | Unreviewed | CVE-2023-6043 was published on Jan 19, 2024
Jenkins TraceTronic ECU-TEST Plugin Man in the middle vulnerability
High | CVE-2018-1999025 was published for de.tracetronic.jenkins.plugins:ecutest (Maven) on May 14, 2022
Jenkins Active Directory Plugin Improper certificate validation with StartTLS
High | CVE-2019-1003009 was published for org.jenkins-ci.plugins:active-directory (Maven) on May 13, 2022
Active Directory Domain Services Elevation of Privilege Vulnerability.
High | Unreviewed | CVE-2022-26923 was published on May 11, 2022
Improper validation of the server’s certificate chain in secure traffic scanning feature...
High | Unreviewed | CVE-2023-5594 was published on Dec 21, 2023
Permission verification vulnerability in distributed scenarios. Successful exploitation of this...
High | Unreviewed | CVE-2023-49247 was published on Dec 6, 2023
Improper Certificate Validation in Apache activemq-client
High | CVE-2018-11775 was published for org.apache.activemq:activemq-client (Maven) on Oct 19, 2018
A vulnerability exists in the component RTU500 Scripting interface. When a client connects to a...
High | Unreviewed | CVE-2023-1514 was published on Dec 19, 2023
FORT Validator versions prior to 1.5.2 will crash if an RPKI CA publishes an X.509 EE certificate...
High | Unreviewed | CVE-2021-43114 was published on May 24, 2022
An improper certificate validation issue in Smartcard authentication in GitLab EE affecting all...
High | Unreviewed | CVE-2023-6680 was published on Dec 15, 2023
jruby-openssl gem for JRuby fails to do proper certificate validation
High | CVE-2009-4123 was published for jruby-openssl (RubyGems) on Jan 19, 2023
An information disclosure vulnerability in 4D SAS 4D Server Application v17, v18, v19 R7 and...
High | Unreviewed | CVE-2023-30222 was published on Jun 16, 2023
A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 2). Affected...
High | Unreviewed | CVE-2023-48427 was published on Dec 12, 2023
KEPServerEX does not properly validate certificates from clients which may allow...
High | Unreviewed | CVE-2023-5909 was published on Dec 1, 2023
Missing SSL certificate validation in localstack
High | CVE-2023-48054 was published for localstack (pip) on Nov 16, 2023
Precision Bridge PrecisionBridge.exe (aka the thick client) before 7.3.21 allows an integrity...
High | Unreviewed | CVE-2023-49312 was published on Nov 27, 2023
Dell Unity prior to 5.3 contains a 'man in the middle' vulnerability in the vmadapter component....
High | Unreviewed | CVE-2023-43082 was published on Nov 22, 2023
Improper Certificate Validation in FotaAgent prior to SMR Nov-2023 Release1 allows remote...
High | Unreviewed | CVE-2023-42532 was published on Nov 13, 2023
It was discovered that when acting as TLS clients, Beats, Elastic Agent, APM Server, and Fleet...
High | Unreviewed | CVE-2023-31421 was published on Oct 26, 2023
Keycloak vulnerable to Improper Client Certificate Validation for OAuth/OpenID clients
High | CVE-2023-2422 was published for org.keycloak:keycloak-services (Maven) on Jun 30, 2023
ProTip! Advisories are also available from the GraphQL API.