Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

352 advisories

Loading
Improper Validation of Certificate with Host Mismatch in Java-WebSocket High
CVE-2020-11050 was published for org.java-websocket:Java-WebSocket (Maven) May 8, 2020
p-
iSmartAlarm cube devices have an SSL Certificate Validation Vulnerability. High Unreviewed
CVE-2017-7726 was published May 13, 2022
The transit path validation code in Heimdal before 7.3 might allow attackers to bypass the capath... High Unreviewed
CVE-2017-6594 was published May 13, 2022
The certificate upload in NetIQ eDirectory PKI plugin before 8.8.8 Patch 10 Hotfix 1 could be... High Unreviewed
CVE-2017-7429 was published May 13, 2022
Apache Tomcat Native 1.2.0 to 1.2.16 and 1.1.23 to 1.1.34 has a flaw that does not properly check... High Unreviewed
CVE-2018-8020 was published May 13, 2022
libvirt version 2.3.0 and later is vulnerable to a bad default configuration of "verify-peer=no"... High Unreviewed
CVE-2017-1000256 was published May 13, 2022
ARM mbedTLS version 2.7.0 and earlier contains a Ciphersuite Allows Incorrectly Signed... High Unreviewed
CVE-2018-1000520 was published May 13, 2022
Busybox contains a Missing SSL certificate validation vulnerability in The "busybox wget" applet... High Unreviewed
CVE-2018-1000500 was published May 13, 2022
Improper Certificate Validation in Graylog High
CVE-2020-15813 was published for org.graylog:graylog-parent (Maven) Feb 10, 2022
Improper Certificate Validation in Apache IoTDB High
CVE-2020-1952 was published for org.apache.iotdb:iotdb-parent (Maven) Jan 6, 2022
Privilege escalation in Hashicorp Nomad High
CVE-2021-37218 was published for github.com/hashicorp/nomad (Go) Sep 8, 2021
Improper Authentication High
CVE-2019-20894 was published for github.com/traefik/traefik/v2 (Go) Sep 2, 2021
Affected versions of CODESYS Git in Versions prior to V1.1.0.0 lack certificate validation in... High Unreviewed
CVE-2021-34599 was published Dec 2, 2021
Improper Certificate Validation and Improper Validation of Certificate with Host Mismatch in Apache Sling Commons Messaging Mail High
CVE-2021-44549 was published for org.apache.sling:org.apache.sling.commons.messaging.mail (Maven) Dec 16, 2021
A vulnerability has been identified in SINUMERIK Edge (All versions < V3.2). The affected... High Unreviewed
CVE-2021-42027 was published Dec 15, 2021
Akerun - Smart Lock Robot App for iOS before 1.2.4 does not verify SSL certificates. High Unreviewed
CVE-2016-1148 was published May 13, 2022
When using an OCSP responder Apache Tomcat Native 1.2.0 to 1.2.16 and 1.1.23 to 1.1.34 did not... High Unreviewed
CVE-2018-8019 was published May 13, 2022
A vulnerability in the Identity Services Engine (ISE) integration feature of Cisco Prime... High Unreviewed
CVE-2019-1659 was published May 13, 2022
The (1) update and (2) package-installation features in MODX Revolution 2.5.4-pl and earlier do... High Unreviewed
CVE-2017-7322 was published May 13, 2022
Philips IntelliSpace Portal all versions of 8.0.x, and 7.0.x have a self-signed SSL certificate... High Unreviewed
CVE-2018-5466 was published May 13, 2022
Philips IntelliSpace Portal all versions of 8.0.x, and 7.0.x have an untrusted SSL certificate... High Unreviewed
CVE-2018-5464 was published May 13, 2022
A vulnerability has been identified in Siveillance VMS Video for Android (All versions < V12.1a ... High Unreviewed
CVE-2018-4849 was published May 13, 2022
A vulnerability in the certificate handling component of the Cisco SPA112, SPA525, and SPA5X5... High Unreviewed
CVE-2019-1683 was published May 13, 2022
A vulnerability in the Cisco Network Plug-and-Play (PnP) agent of Cisco IOS Software and Cisco... High Unreviewed
CVE-2019-1748 was published May 13, 2022
Philips IntelliSpace Portal all versions of 8.0.x, and 7.0.x have an SSL incorrect hostname... High Unreviewed
CVE-2018-5462 was published May 13, 2022
ProTip! Advisories are also available from the GraphQL API