Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

74 advisories

Loading
The client applications in 3CX on Windows, the 3CX app for iOS, and the 3CX application for... Critical Unreviewed
CVE-2021-45490 was published Mar 29, 2022
An issue was discovered in Keyfactor PrimeKey EJBCA before 7.9.0, related to possible... Critical Unreviewed
CVE-2022-34831 was published Sep 15, 2022
Due to Manage Engine Asset Explorer Agent 1.0.34 not validating HTTPS certificates, an attacker... Critical Unreviewed
CVE-2021-20110 was published May 24, 2022
In Splunk Enterprise and Universal Forwarder versions before 9.0, the Splunk command-line... Critical Unreviewed
CVE-2022-32156 was published Jun 16, 2022
The httplib and urllib Python libraries that Splunk shipped with Splunk Enterprise did not... Critical Unreviewed
CVE-2022-32151 was published Jun 16, 2022
libinfinity before 0.6.6-1 does not validate expired SSL certificates, which allows remote... Critical Unreviewed
CVE-2015-3886 was published May 17, 2022
A insecure configuration for certificate verification (http.verify_mode = OpenSSL::SSL:... Critical Unreviewed
CVE-2014-8164 was published Jul 7, 2022
botan 1.11.x before 1.11.22 improperly handles wildcard matching against hostnames, which might... Critical Unreviewed
CVE-2015-7826 was published May 17, 2022
A specially crafted x509 certificate can cause a single out of bounds byte overwrite in wolfSSL... Critical Unreviewed
CVE-2017-2800 was published May 13, 2022
Improper certificate validation vulnerability in OpenVPN client in Synology Router Manager (SRM)... Critical Unreviewed
CVE-2020-27649 was published May 24, 2022
Improper certificate validation vulnerability in OpenVPN client in Synology DiskStation Manager ... Critical Unreviewed
CVE-2020-27648 was published May 24, 2022
The Motorola MH702x devices, prior to version 2.0.0.301, do not properly verify the server... Critical Unreviewed
CVE-2021-3460 was published May 24, 2022
DoTls13CertificateVerify in tls13.c in wolfSSL through 4.6.0 does not cease processing for... Critical Unreviewed
CVE-2021-3336 was published May 24, 2022
While processing server certificate from IPSec server, certificate validation for subject... Critical Unreviewed
CVE-2020-11176 was published May 24, 2022
Incorrect SSL certificate validation in Nagios Fusion 4.1.8 and earlier allows for Escalation of... Critical Unreviewed
CVE-2020-28907 was published May 24, 2022
In BIG-IP Versions 15.1.x before 15.1.6.1, 14.1.x before 14.1.5, and all versions of 13.1.x,... Critical Unreviewed
CVE-2022-34865 was published Aug 5, 2022
Potentially, SAP Cloud Connector, version - 2.0 communication with the backend is accepted... Critical Unreviewed
CVE-2021-33695 was published May 24, 2022
The Zoom Client for Meetings for Windows in all versions before 5.3.0 fails to properly validate... Critical Unreviewed
CVE-2021-33907 was published May 24, 2022
The D-Link DIR-615 device before v20.12PTb04 doesn't use SSL for any of the authenticated pages.... Critical Unreviewed
CVE-2017-7406 was published May 24, 2022
When using Ingest Actions to configure a destination that resides on Amazon Simple Storage... Critical Unreviewed
CVE-2022-37437 was published Aug 17, 2022
fs2-io skips mTLS client verification Critical
CVE-2022-31183 was published for co.fs2:fs2-io (Maven) Jul 29, 2022
Previously, Puppet Discovery was shipped with a default generated TLS certificate in the nginx... Critical Unreviewed
CVE-2018-11747 was published May 13, 2022
A certificate validation issue existed in the handling of WKWebView. This issue was addressed... Critical Unreviewed
CVE-2022-42813 was published Nov 2, 2022
A vulnerability in the Cisco SD-WAN Solution could allow an unauthenticated, remote attacker to... Critical Unreviewed
CVE-2018-15387 was published May 13, 2022
A potential vulnerability has been identified in HP Remote Graphics Software’s certificate... Critical Unreviewed
CVE-2018-5926 was published May 13, 2022
ProTip! Advisories are also available from the GraphQL API