GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
352 advisories
Filter by severity
It was discovered that the sls-logging was not verifying hostnames in TLS certificates due to a...
High
Unreviewed
CVE-2022-27890
was published
Feb 16, 2023
Improper Certificate Validation vulnerability in Hitachi Infrastructure Analytics Advisor on...
High
Unreviewed
CVE-2022-4895
was published
Feb 28, 2023
Elastic APM agent for Ruby vulnerable to Improper Certificate Validation
High
CVE-2019-7615
was published
for
elastic-apm
(RubyGems)
May 24, 2022
LibreOffice supports digital signatures of ODF documents and macros within documents, presenting...
High
Unreviewed
CVE-2021-25636
was published
Feb 25, 2022
HashiCorp Consul Privilege Escalation Vulnerability
High
CVE-2021-37219
was published
for
github.com/hashicorp/consul
(Go)
Sep 8, 2021
In WorkSource, there is a possible parcel mismatch. This could lead to local escalation of...
High
Unreviewed
CVE-2023-20963
was published
Mar 24, 2023
This vulnerability allows network-adjacent attackers to compromise the integrity of downloaded...
High
Unreviewed
CVE-2022-27644
was published
Mar 29, 2023
A user with a compromised configuration can start an unsigned binary as a service.
High
Unreviewed
CVE-2023-28093
was published
Apr 10, 2023
Slixmpp lacks SSL Certificate hostname validation in XMLStream
High
CVE-2022-45197
was published
for
slixmpp
(pip)
Dec 25, 2022
Improper Certificate Validation in kubeclient
High
CVE-2022-0759
was published
for
kubeclient
(RubyGems)
Mar 26, 2022
Missing TLS certificate verification in faye-websocket
High
CVE-2020-15133
was published
for
faye-websocket
(RubyGems)
Jul 31, 2020
Missing TLS certificate verification
High
CVE-2020-15134
was published
for
faye
(RubyGems)
Jul 31, 2020
Improper Certificate Validation in openssl
High
CVE-2016-10931
was published
for
openssl
(Rust)
Aug 25, 2021
When PgBouncer is configured to use "cert" authentication, a man-in-the-middle attacker can...
High
Unreviewed
CVE-2021-3935
was published
May 24, 2022
Certificate check bypass in openssl-src
High
CVE-2021-3450
was published
for
openssl-src
(Rust)
Aug 25, 2021
Improper Certificate Validation in EM-HTTP-Request
High
CVE-2020-13482
was published
for
em-http-request
(RubyGems)
May 24, 2021
Improper Certificate Validation in Twisted
High
CVE-2019-12855
was published
for
twisted
(pip)
Aug 16, 2019
Python Twisted trustRoot is not respected in HTTP client
High
CVE-2014-7143
was published
for
twisted
(pip)
Dec 17, 2019
Improper certificate validation in em-imap
High
CVE-2020-13163
was published
for
em-imap
(RubyGems)
May 24, 2021
e2guardian v5.4.x <= v5.4.3r is affected by missing SSL certificate validation in the SSL MITM...
High
Unreviewed
CVE-2021-44273
was published
Dec 24, 2021
tiny-json-http missing SSL certificate validation
High
CVE-2018-1000096
was published
for
tiny-json-http
(npm)
Mar 13, 2018
Apache Geode SSL endpoint verification vulnerability
High
CVE-2019-10091
was published
for
org.apache.geode:geode-core
(Maven)
Feb 10, 2022
Hybrid Group Gobot Improper Certificate Validation vulnerability
High
CVE-2019-12496
was published
for
github.com/hybridgroup/gobot
(Go)
May 24, 2022
Authentication bypass by capture-replay in github.com/cosmos/ethermint
High
CVE-2021-25835
was published
for
github.com/cosmos/ethermint
(Go)
Feb 15, 2022
Legacy Node API Allows Impersonation in github.com/spiffe/spire/pkg/server/endpoints/node
High
CVE-2021-27098
was published
for
github.com/spiffe/spire
(Go)
May 21, 2021
ProTip!
Advisories are also available from the
GraphQL API