Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

61 advisories

Loading
Microsoft Defender for IoT Remote Code Execution Vulnerability This CVE ID is unique from CVE... Critical Unreviewed
CVE-2021-43882 was published Dec 16, 2021
Pexip Infinity Connect before 1.8.0 mishandles TLS certificate validation. The allow list is not... Critical Unreviewed
CVE-2021-29656 was published Feb 19, 2022
The client applications in 3CX on Windows, the 3CX app for iOS, and the 3CX application for... Critical Unreviewed
CVE-2021-45490 was published Mar 29, 2022
A specially crafted x509 certificate can cause a single out of bounds byte overwrite in wolfSSL... Critical Unreviewed
CVE-2017-2800 was published May 13, 2022
Previously, Puppet Discovery was shipped with a default generated TLS certificate in the nginx... Critical Unreviewed
CVE-2018-11747 was published May 13, 2022
A vulnerability in the Cisco SD-WAN Solution could allow an unauthenticated, remote attacker to... Critical Unreviewed
CVE-2018-15387 was published May 13, 2022
A potential vulnerability has been identified in HP Remote Graphics Software’s certificate... Critical Unreviewed
CVE-2018-5926 was published May 13, 2022
An issue has been found in PowerDNS Recursor versions 4.1.x before 4.1.9 where records in the... Critical Unreviewed
CVE-2019-3807 was published May 13, 2022
Pivotal Application Service (PAS), versions 2.2.x prior to 2.2.12, 2.3.x prior to 2.3.7 and 2.4.x... Critical Unreviewed
CVE-2019-3777 was published May 13, 2022
Huawei AR120-S V200R005C32, V200R006C10, V200R007C00, V200R008C20, AR1200 V200R005C20,... Critical Unreviewed
CVE-2017-17301 was published May 13, 2022
Heimdal Thor Agent 2.5.17x before 2.5.173 does not verify X.509 certificates from TLS servers,... Critical Unreviewed
CVE-2019-8351 was published May 14, 2022
Cordaware bestinformed Microsoft Windows client before 6.2.1.0 is affected by insecure SSL... Critical Unreviewed
CVE-2019-6266 was published May 14, 2022
On BIG-IP 14.1.0-14.1.0.1, TMM may restart and produce a core file when validating SSL... Critical Unreviewed
CVE-2019-6592 was published May 14, 2022
Pidgin version <2.11.0 contains a vulnerability in X.509 Certificates imports specifically due to... Critical Unreviewed
CVE-2016-1000030 was published May 14, 2022
Adobe Creative Cloud Desktop Application before 4.6.1 has an improper certificate validation... Critical Unreviewed
CVE-2018-12829 was published May 14, 2022
Adobe Creative Cloud Desktop Application versions 4.4.1.298 and earlier have an exploitable... Critical Unreviewed
CVE-2018-4991 was published May 14, 2022
Botan 2.2.0 - 2.4.0 (fixed in 2.5.0) improperly handled wildcard certificates and could accept... Critical Unreviewed
CVE-2018-9127 was published May 14, 2022
libinfinity before 0.6.6-1 does not validate expired SSL certificates, which allows remote... Critical Unreviewed
CVE-2015-3886 was published May 17, 2022
botan 1.11.x before 1.11.22 improperly handles wildcard matching against hostnames, which might... Critical Unreviewed
CVE-2015-7826 was published May 17, 2022
The ASUS Vivobaby application before 1.1.09 for Android has Missing SSL Certificate Validation. Critical Unreviewed
CVE-2017-17944 was published May 24, 2022
The ASUS HiVivo aspplication before 5.6.27 for ASUS Watch has Missing SSL Certificate Validation. Critical Unreviewed
CVE-2017-17945 was published May 24, 2022
The TLS stack in Mono before 3.12.1 allows remote attackers to have unspecified impact via... Critical Unreviewed
CVE-2015-2320 was published May 24, 2022
systemd 239 through 243 accepts any certificate signed by a trusted certificate authority for DNS... Critical Unreviewed
CVE-2018-21029 was published May 24, 2022
European Commission eIDAS-Node Integration Package before 2.3.1 allows Certificate Faking because... Critical Unreviewed
CVE-2019-18632 was published May 24, 2022
European Commission eIDAS-Node Integration Package before 2.3.1 has Missing Certificate... Critical Unreviewed
CVE-2019-18633 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API