Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,189
Erlang
31
GitHub Actions
19
Go
1,985
Maven
5,000+
npm
3,701
NuGet
657
pip
3,326
Pub
11
RubyGems
882
Rust
836
Swift
35
Unreviewed advisories
All unreviewed
5,000+

368 advisories

Loading
Improper Certificate Validation in Apache Beam High
CVE-2020-1929 was published for org.apache.beam:beam-sdks-java-io-mongodb (Maven) May 6, 2020
Insufficient Session Expiration in Kiali High
CVE-2020-1762 was published for github.com/kiali/kiali (Go) May 18, 2021
Improper Certificate Validation in HashiCorp Nomad High
CVE-2020-7956 was published for github.com/hashicorp/nomad (Go) May 18, 2021
org.apache.hive:hive, org.apache.hive:hive-exec, and org.apache.hive:hive-service vulnerable to Improper Certificate Validation High
CVE-2016-3083 was published for org.apache.hive:hive (Maven) Mar 14, 2019
Improper Certificate Validation High
CVE-2017-11770 was published for Microsoft.NETCore.App (NuGet) Apr 12, 2022
Improper Certificate Validation in oauth ruby gem High
CVE-2016-11086 was published for oauth (RubyGems) Apr 22, 2021
Improper Certificate Validation in pyload-ng High
CVE-2023-0509 was published for pyload-ng (pip) Jan 27, 2023
A flaw was found in Cockpit in versions prior to 260 in the way it handles the certificate... High Unreviewed
CVE-2021-3698 was published Mar 11, 2022
Certificate.Verify in crypto/x509 in Go 1.18.x before 1.18.1 can be caused to panic on macOS when... High Unreviewed
CVE-2022-27536 was published Apr 21, 2022
software-properties was vulnerable to a person-in-the-middle attack due to incorrect TLS... High Unreviewed
CVE-2012-0955 was published Apr 23, 2022
An exploitable vulnerability exists in the HTTP client functionality of the Webroot BrightCloud... High Unreviewed
CVE-2018-4015 was published May 13, 2022
A vulnerability in the Secure Sockets Layer (SSL) Virtual Private Network (VPN) Client... High Unreviewed
CVE-2018-0227 was published May 13, 2022
Skip the router TLS configuration when the host header is an FQDN High
CVE-2022-23632 was published for github.com/traefik/traefik/v2 (Go) Feb 16, 2022
bawolff
Accepting arbitrary Subject Alternative Name (SAN) types, unless a PKI is specifically defined to... High Unreviewed
CVE-2021-44531 was published Feb 25, 2022
Due to the Asset Explorer agent not validating HTTPS certificates, an attacker on the network can... High Unreviewed
CVE-2021-20109 was published May 24, 2022
Multiple vulnerabilities vulnerability in Drupal SAML SP 2.0 Single Sign On (SSO) - SAML Service... High Unreviewed
CVE-2022-26493 was published Jun 4, 2022
Dell BSAFE Micro Edition Suite, versions prior to 4.5.1, contain an Improper Certificate... High Unreviewed
CVE-2020-26184 was published Jun 2, 2022
Information disclosure due to an insecure hostname validation in the RYDE application 5.8.43 for... High Unreviewed
CVE-2022-42979 was published Jan 6, 2023
ProxyAgent vulnerable to MITM High
CVE-2022-32210 was published for undici (npm) Jun 17, 2022
pimterry
Authentication bypass vulnerability in Apple Game Center auth adapter High
CVE-2022-31083 was published for parse-server (npm) Jun 17, 2022
yoshmidev
The CMS installer in Joomla! before 3.7.4 does not verify a user's ownership of a webspace, which... High Unreviewed
CVE-2017-11364 was published May 17, 2022
Splunk Enterprise peers in Splunk Enterprise versions before 9.0 and Splunk Cloud Platform... High Unreviewed
CVE-2022-32152 was published Jun 16, 2022
Splunk Enterprise peers in Splunk Enterprise versions before 9.0 and Splunk Cloud Platform... High Unreviewed
CVE-2022-32153 was published Jun 16, 2022
Microsoft Lync for Mac 2011 fails to properly validate certificates, allowing remote attackers to... High Unreviewed
CVE-2017-0129 was published May 17, 2022
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. The issue... High Unreviewed
CVE-2017-2498 was published May 17, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database