GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
352 advisories
Filter by severity
HTTPie allows attackers to eavesdrop on communications between the host and server via a man-in-the-middle attack
High
CVE-2023-48052
was published
for
httpie
(pip)
Nov 16, 2023
IBM Security Verify Access Appliance 10.0.0 through 10.0.7 could allow a malicious actor to...
High
Unreviewed
CVE-2024-31872
was published
Apr 10, 2024
Anbox Management Service, in versions 1.17.0 through 1.23.0, does not validate the TLS...
High
Unreviewed
CVE-2024-8287
was published
Sep 18, 2024
cryptography mishandles SSH certificates
High
CVE-2023-38325
was published
for
cryptography
(pip)
Jul 14, 2023
Improper Certificate Validation in blackduck
High
CVE-2020-27589
was published
for
blackduck
(pip)
Apr 20, 2021
Apache Libcloud does not verify SSL certificates for HTTPS connections
High
CVE-2010-4340
was published
for
apache-libcloud
(pip)
May 17, 2022
An improper certificate validation vulnerability in TLS certificate validation allows an attacker...
High
Unreviewed
CVE-2024-40714
was published
Sep 7, 2024
Filestash configured to skip TLS certificate verification when using the FTPS protocol
High
CVE-2024-41255
was published
for
github.com/mickael-kerjean/filestash
(Go)
Jul 31, 2024
Improper Certificate Validation in Apache Airflow
High
CVE-2018-20245
was published
for
apache-airflow
(pip)
Jan 25, 2019
Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an...
High
Unreviewed
CVE-2024-41996
was published
Aug 26, 2024
A flaw was found in the Red Hat OpenStack Platform (RHOSP) director. This vulnerability allows an...
High
Unreviewed
CVE-2024-8007
was published
Aug 21, 2024
An issue was discovered on certain Nuki Home Solutions devices. Lack of certificate validation on...
High
Unreviewed
CVE-2022-32509
was published
May 14, 2024
Improper certificate validation in Ivanti ITSM on-prem and Neurons for ITSM Versions 2023.4 and...
High
Unreviewed
CVE-2024-7570
was published
Aug 13, 2024
Filestash skips TLS certificate verification process when sending out email verification codes
High
CVE-2024-41256
was published
for
github.com/mickael-kerjean/filestash
(Go)
Jul 31, 2024
electron-updater Code Signing Bypass on Windows
High
CVE-2024-39698
was published
for
electron-updater
(npm)
Jul 9, 2024
Beego privilege escalation vulnerability
High
CVE-2024-40464
was published
for
github.com/beego/beego/v2
(Go)
Jul 31, 2024
Certificate Validation user interface in LibreOffice allows potential vulnerability.
Signed...
High
Unreviewed
CVE-2024-6472
was published
Aug 5, 2024
In ca-certificates, there is a possible way to read encrypted TLS data due to untrusted...
High
Unreviewed
CVE-2023-40104
was published
Feb 16, 2024
An issue was discovered in BeyondTrust Privilege Management for Windows through 5.6. If the...
High
Unreviewed
CVE-2020-12614
was published
Dec 12, 2023
Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers...
High
Unreviewed
CVE-2022-20703
was published
Feb 11, 2022
The TLS certificate validation code is flawed. An attacker can obtain a TLS certificate from the...
High
Unreviewed
CVE-2024-28872
was published
Jul 11, 2024
An improper certificate validation vulnerability [CWE-295] in FortiADC 7.4.0, 7.2.0 through 7.2.3...
High
Unreviewed
CVE-2023-50178
was published
Jul 9, 2024
CPAN.pm before 2.35 does not verify TLS certificates when downloading distributions over HTTPS.
High
Unreviewed
CVE-2023-31484
was published
Apr 29, 2023
A security vulnerability has been identified in all supported versions of OpenSSL related to the...
High
Unreviewed
CVE-2023-0464
was published
Mar 22, 2023
A vulnerability exists in the FOXMAN-UN/UNEM server that affects the message
queueing mechanism...
High
Unreviewed
CVE-2024-28021
was published
Jun 11, 2024
ProTip!
Advisories are also available from the
GraphQL API