Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

352 advisories

Loading
It was discovered that the sls-logging was not verifying hostnames in TLS certificates due to a... High Unreviewed
CVE-2022-27890 was published Feb 16, 2023
Improper Certificate Validation vulnerability in Hitachi Infrastructure Analytics Advisor on... High Unreviewed
CVE-2022-4895 was published Feb 28, 2023
Elastic APM agent for Ruby vulnerable to Improper Certificate Validation High
CVE-2019-7615 was published for elastic-apm (RubyGems) May 24, 2022
LibreOffice supports digital signatures of ODF documents and macros within documents, presenting... High Unreviewed
CVE-2021-25636 was published Feb 25, 2022
HashiCorp Consul Privilege Escalation Vulnerability High
CVE-2021-37219 was published for github.com/hashicorp/consul (Go) Sep 8, 2021
tdunlap607
In WorkSource, there is a possible parcel mismatch. This could lead to local escalation of... High Unreviewed
CVE-2023-20963 was published Mar 24, 2023
This vulnerability allows network-adjacent attackers to compromise the integrity of downloaded... High Unreviewed
CVE-2022-27644 was published Mar 29, 2023
A user with a compromised configuration can start an unsigned binary as a service. High Unreviewed
CVE-2023-28093 was published Apr 10, 2023
Slixmpp lacks SSL Certificate hostname validation in XMLStream High
CVE-2022-45197 was published for slixmpp (pip) Dec 25, 2022
Improper Certificate Validation in kubeclient High
CVE-2022-0759 was published for kubeclient (RubyGems) Mar 26, 2022
tdunlap607
Missing TLS certificate verification in faye-websocket High
CVE-2020-15133 was published for faye-websocket (RubyGems) Jul 31, 2020
Missing TLS certificate verification High
CVE-2020-15134 was published for faye (RubyGems) Jul 31, 2020
Improper Certificate Validation in openssl High
CVE-2016-10931 was published for openssl (Rust) Aug 25, 2021
When PgBouncer is configured to use "cert" authentication, a man-in-the-middle attacker can... High Unreviewed
CVE-2021-3935 was published May 24, 2022
Certificate check bypass in openssl-src High
CVE-2021-3450 was published for openssl-src (Rust) Aug 25, 2021
another-rex
Improper Certificate Validation in EM-HTTP-Request High
CVE-2020-13482 was published for em-http-request (RubyGems) May 24, 2021
tdunlap607
Improper Certificate Validation in Twisted High
CVE-2019-12855 was published for twisted (pip) Aug 16, 2019
Python Twisted trustRoot is not respected in HTTP client High
CVE-2014-7143 was published for twisted (pip) Dec 17, 2019
Improper certificate validation in em-imap High
CVE-2020-13163 was published for em-imap (RubyGems) May 24, 2021
e2guardian v5.4.x <= v5.4.3r is affected by missing SSL certificate validation in the SSL MITM... High Unreviewed
CVE-2021-44273 was published Dec 24, 2021
tiny-json-http missing SSL certificate validation High
CVE-2018-1000096 was published for tiny-json-http (npm) Mar 13, 2018
Apache Geode SSL endpoint verification vulnerability High
CVE-2019-10091 was published for org.apache.geode:geode-core (Maven) Feb 10, 2022
Hybrid Group Gobot Improper Certificate Validation vulnerability High
CVE-2019-12496 was published for github.com/hybridgroup/gobot (Go) May 24, 2022
Authentication bypass by capture-replay in github.com/cosmos/ethermint High
CVE-2021-25835 was published for github.com/cosmos/ethermint (Go) Feb 15, 2022
Legacy Node API Allows Impersonation in github.com/spiffe/spire/pkg/server/endpoints/node High
CVE-2021-27098 was published for github.com/spiffe/spire (Go) May 21, 2021
c53robin
ProTip! Advisories are also available from the GraphQL API