Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

352 advisories

Loading
Jenkins Active Directory Plugin did not verify certificate of AD server High
CVE-2017-2649 was published for org.jenkins-ci.plugins:active-directory (Maven) May 13, 2022
Jenkins Inedo ProGet Plugin globally and unconditionally disabled SSL/TLS certificate validation High
CVE-2018-1999034 was published for com.inedo.proget:inedo-proget (Maven) May 14, 2022
Jenkins Inedo BuildMaster Plugin globally and unconditionally disabled SSL/TLS certificate validation High
CVE-2018-1999035 was published for com.inedo.buildmaster:inedo-buildmaster (Maven) May 14, 2022
SSL/TLS certificate validation globally and unconditionally disabled by Jenkins WebSphere Deployer Plugin High
CVE-2019-16561 was published for org.jenkins-ci.plugins:websphere-deployer (Maven) May 24, 2022
hammer_cli_foreman Improper Certificate Validation vulnerability High
CVE-2017-2667 was published for hammer_cli_foreman (RubyGems) May 13, 2022
A privilege escalation vulnerability was reported in Lenovo Vantage that could allow a local... High Unreviewed
CVE-2023-6043 was published Jan 19, 2024
Jenkins TraceTronic ECU-TEST Plugin Man in the middle vulnerability High
CVE-2018-1999025 was published for de.tracetronic.jenkins.plugins:ecutest (Maven) May 14, 2022
Jenkins Active Directory Plugin Improper certificate validation with StartTLS High
CVE-2019-1003009 was published for org.jenkins-ci.plugins:active-directory (Maven) May 13, 2022
Active Directory Domain Services Elevation of Privilege Vulnerability. High Unreviewed
CVE-2022-26923 was published May 11, 2022
Improper validation of the server’s certificate chain in secure traffic scanning feature... High Unreviewed
CVE-2023-5594 was published Dec 21, 2023
Permission verification vulnerability in distributed scenarios. Successful exploitation of this... High Unreviewed
CVE-2023-49247 was published Dec 6, 2023
Improper Certificate Validation in Apache activemq-client High
CVE-2018-11775 was published for org.apache.activemq:activemq-client (Maven) Oct 19, 2018
sunSUNQ
A vulnerability exists in the component RTU500 Scripting interface. When a client connects to a... High Unreviewed
CVE-2023-1514 was published Dec 19, 2023
FORT Validator versions prior to 1.5.2 will crash if an RPKI CA publishes an X.509 EE certificate... High Unreviewed
CVE-2021-43114 was published May 24, 2022
An improper certificate validation issue in Smartcard authentication in GitLab EE affecting all... High Unreviewed
CVE-2023-6680 was published Dec 15, 2023
jruby-openssl gem for JRuby fails to do proper certificate validation High
CVE-2009-4123 was published for jruby-openssl (RubyGems) Jan 19, 2023
An information disclosure vulnerability in 4D SAS 4D Server Application v17, v18, v19 R7 and... High Unreviewed
CVE-2023-30222 was published Jun 16, 2023
A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 2). Affected... High Unreviewed
CVE-2023-48427 was published Dec 12, 2023
KEPServerEX does not properly validate certificates from clients which may allow... High Unreviewed
CVE-2023-5909 was published Dec 1, 2023
Missing SSL certificate validation in localstack High
CVE-2023-48054 was published for localstack (pip) Nov 16, 2023
Precision Bridge PrecisionBridge.exe (aka the thick client) before 7.3.21 allows an integrity... High Unreviewed
CVE-2023-49312 was published Nov 27, 2023
Dell Unity prior to 5.3 contains a 'man in the middle' vulnerability in the vmadapter component.... High Unreviewed
CVE-2023-43082 was published Nov 22, 2023
Improper Certificate Validation in FotaAgent prior to SMR Nov-2023 Release1 allows remote... High Unreviewed
CVE-2023-42532 was published Nov 13, 2023
It was discovered that when acting as TLS clients, Beats, Elastic Agent, APM Server, and Fleet... High Unreviewed
CVE-2023-31421 was published Oct 26, 2023
Keycloak vulnerable to Improper Client Certificate Validation for OAuth/OpenID clients High
CVE-2023-2422 was published for org.keycloak:keycloak-services (Maven) Jun 30, 2023
artsploit
ProTip! Advisories are also available from the GraphQL API