Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

61 advisories

Loading
An issue was discovered in Mbed TLS 3.x before 3.6.1. With TLS 1.3, when a server enables... Critical Unreviewed
CVE-2024-45159 was published Sep 5, 2024
There is a vulnerability in the AP Certificate Management Service which could allow a threat... Critical Unreviewed
CVE-2024-42395 was published Aug 6, 2024
In gnss service, there is a possible escalation of privilege due to improper certificate... Critical Unreviewed
CVE-2024-20080 was published Jul 1, 2024
A default installation of RustDesk 1.2.3 on Windows places a WDKTestCert certificate under... Critical Unreviewed
CVE-2024-25140 was published Feb 6, 2024
SSL connections to NOVELL and Synology LDAP server are vulnerable to a man-in-the-middle attack... Critical Unreviewed
CVE-2023-50356 was published Jan 31, 2024
An issue in Turing Video Turing Edge+ EVC5FD v.1.38.6 allows remote attacker to execute arbitrary... Critical Unreviewed
CVE-2023-42425 was published Oct 31, 2023
The functions to fetch e-mail via POP3 or IMAP as well as sending e-mail via SMTP use OpenSSL for... Critical Unreviewed
CVE-2023-5422 was published Oct 16, 2023
Lack of TLS certificate verification in log transmission of a financial module within LINE Client... Critical Unreviewed
CVE-2023-5554 was published Oct 12, 2023
In JetBrains Ktor before 2.3.5 server certificates were not verified Critical Unreviewed
CVE-2023-45613 was published Oct 9, 2023
A vulnerability was discovered in Veritas NetBackup Snapshot Manager before 10.2.0.1 that allowed... Critical Unreviewed
CVE-2023-40256 was published Aug 11, 2023
Nanoleaf firmware v7.1.1 and below is missing an SSL certificate, allowing attackers to execute... Critical Unreviewed
CVE-2022-47758 was published Apr 27, 2023
x509/x509_verify.c in LibreSSL before 3.4.2, and OpenBSD before 7.0 errata 006, allows... Critical Unreviewed
CVE-2021-46880 was published Apr 15, 2023
strongSwan 5.9.8 and 5.9.9 potentially allows remote code execution because it uses a variable... Critical Unreviewed
CVE-2023-26463 was published Apr 15, 2023
ComponentSpace.Saml2 4.4.0 Missing SSL Certificate Validation. Critical Unreviewed
CVE-2022-45597 was published Mar 25, 2023
Starting with diego-release 2.55.0 and up to 2.69.0, and starting with CF Deployment 17.1 and up... Critical Unreviewed
CVE-2022-31733 was published Feb 3, 2023
Dell PowerScale OneFS, versions 8.2.x-9.3.x, contains an Improper Certificate Validation... Critical Unreviewed
CVE-2022-45100 was published Feb 1, 2023
A certificate validation issue existed in the handling of WKWebView. This issue was addressed... Critical Unreviewed
CVE-2022-42813 was published Nov 2, 2022
An issue was discovered in Keyfactor PrimeKey EJBCA before 7.9.0, related to possible... Critical Unreviewed
CVE-2022-34831 was published Sep 15, 2022
When using Ingest Actions to configure a destination that resides on Amazon Simple Storage... Critical Unreviewed
CVE-2022-37437 was published Aug 17, 2022
In BIG-IP Versions 15.1.x before 15.1.6.1, 14.1.x before 14.1.5, and all versions of 13.1.x,... Critical Unreviewed
CVE-2022-34865 was published Aug 5, 2022
An Improper Certificate Validation vulnerability in LibreOffice existed where determining if a... Critical Unreviewed
CVE-2022-26305 was published Jul 26, 2022
A insecure configuration for certificate verification (http.verify_mode = OpenSSL::SSL:... Critical Unreviewed
CVE-2014-8164 was published Jul 7, 2022
In Splunk Enterprise and Universal Forwarder versions before 9.0, the Splunk command-line... Critical Unreviewed
CVE-2022-32156 was published Jun 16, 2022
The httplib and urllib Python libraries that Splunk shipped with Splunk Enterprise did not... Critical Unreviewed
CVE-2022-32151 was published Jun 16, 2022
The D-Link DIR-615 device before v20.12PTb04 doesn't use SSL for any of the authenticated pages.... Critical Unreviewed
CVE-2017-7406 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API