GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
352 advisories
Improper Validation of Certificate with Host Mismatch in Java-WebSocket
High | CVE-2020-11050 was published for org.java-websocket:Java-WebSocket (Maven) May 8, 2020

iSmartAlarm cube devices have an SSL Certificate Validation Vulnerability.
High | Unreviewed | CVE-2017-7726 was published May 13, 2022

The transit path validation code in Heimdal before 7.3 might allow attackers to bypass the capath...
High | Unreviewed | CVE-2017-6594 was published May 13, 2022

The certificate upload in NetIQ eDirectory PKI plugin before 8.8.8 Patch 10 Hotfix 1 could be...
High | Unreviewed | CVE-2017-7429 was published May 13, 2022

Apache Tomcat Native 1.2.0 to 1.2.16 and 1.1.23 to 1.1.34 has a flaw that does not properly check...
High | Unreviewed | CVE-2018-8020 was published May 13, 2022

libvirt version 2.3.0 and later is vulnerable to a bad default configuration of "verify-peer=no"...
High | Unreviewed | CVE-2017-1000256 was published May 13, 2022

ARM mbedTLS version 2.7.0 and earlier contains a Ciphersuite Allows Incorrectly Signed...
High | Unreviewed | CVE-2018-1000520 was published May 13, 2022

Busybox contains a Missing SSL certificate validation vulnerability in The "busybox wget" applet...
High | Unreviewed | CVE-2018-1000500 was published May 13, 2022

Improper Certificate Validation in Graylog
High | CVE-2020-15813 was published for org.graylog:graylog-parent (Maven) Feb 10, 2022

Improper Certificate Validation in Apache IoTDB
High | CVE-2020-1952 was published for org.apache.iotdb:iotdb-parent (Maven) Jan 6, 2022

Privilege escalation in Hashicorp Nomad
High | CVE-2021-37218 was published for github.com/hashicorp/nomad (Go) Sep 8, 2021

Improper Authentication
High | CVE-2019-20894 was published for github.com/traefik/traefik/v2 (Go) Sep 2, 2021

Affected versions of CODESYS Git in Versions prior to V1.1.0.0 lack certificate validation in...
High | Unreviewed | CVE-2021-34599 was published Dec 2, 2021

Improper Certificate Validation and Improper Validation of Certificate with Host Mismatch in Apache Sling Commons Messaging Mail
High | CVE-2021-44549 was published for org.apache.sling:org.apache.sling.commons.messaging.mail (Maven) Dec 16, 2021

A vulnerability has been identified in SINUMERIK Edge (All versions < V3.2). The affected...
High | Unreviewed | CVE-2021-42027 was published Dec 15, 2021

Akerun - Smart Lock Robot App for iOS before 1.2.4 does not verify SSL certificates.
High | Unreviewed | CVE-2016-1148 was published May 13, 2022

When using an OCSP responder Apache Tomcat Native 1.2.0 to 1.2.16 and 1.1.23 to 1.1.34 did not...
High | Unreviewed | CVE-2018-8019 was published May 13, 2022

A vulnerability in the Identity Services Engine (ISE) integration feature of Cisco Prime...
High | Unreviewed | CVE-2019-1659 was published May 13, 2022

The (1) update and (2) package-installation features in MODX Revolution 2.5.4-pl and earlier do...
High | Unreviewed | CVE-2017-7322 was published May 13, 2022

Philips IntelliSpace Portal all versions of 8.0.x, and 7.0.x have a self-signed SSL certificate...
High | Unreviewed | CVE-2018-5466 was published May 13, 2022

Philips IntelliSpace Portal all versions of 8.0.x, and 7.0.x have an untrusted SSL certificate...
High | Unreviewed | CVE-2018-5464 was published May 13, 2022

A vulnerability has been identified in Siveillance VMS Video for Android (All versions < V12.1a ...
High | Unreviewed | CVE-2018-4849 was published May 13, 2022

A vulnerability in the certificate handling component of the Cisco SPA112, SPA525, and SPA5X5...
High | Unreviewed | CVE-2019-1683 was published May 13, 2022

A vulnerability in the Cisco Network Plug-and-Play (PnP) agent of Cisco IOS Software and Cisco...
High | Unreviewed | CVE-2019-1748 was published May 13, 2022

Philips IntelliSpace Portal all versions of 8.0.x, and 7.0.x have an SSL incorrect hostname...
High | Unreviewed | CVE-2018-5462 was published May 13, 2022

ProTip! Advisories are also available from the GraphQL API.