Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

52 advisories

Loading
Moderate severity vulnerability that affects com.rabbitmq:amqp-client and org.springframework.amqp:spring-amqp Moderate
CVE-2018-11087 was published for com.rabbitmq:amqp-client (Maven) Oct 18, 2018
Improper Certificate Validation and Insufficient Verification of Data Authenticity in Keycloak Moderate
CVE-2019-3875 was published for org.keycloak:keycloak-core (Maven) Jun 27, 2019
Missing Authentication for Critical Function in Apache Calcite Moderate
CVE-2020-13955 was published for org.apache.calcite:calcite-core (Maven) Apr 22, 2021
Improper certificate management in AWS IoT Device SDK v2 Moderate
CVE-2021-40831 was published for aws-iot-device-sdk-v2 (Maven) Nov 24, 2021
Improper certificate management in AWS IoT Device SDK v2 Moderate
CVE-2021-40828 was published for aws-iot-device-sdk-v2 (Maven) Nov 24, 2021
Improper certificate management in AWS IoT Device SDK v2 Moderate
CVE-2021-40829 was published for aws-iot-device-sdk-v2 (Maven) Nov 24, 2021
Improper certificate management in AWS IoT Device SDK v2 Moderate
CVE-2021-40830 was published for aws-iot-device-sdk-v2 (Maven) Nov 24, 2021
Improper Certificate Validation and Improper Validation of Certificate with Host Mismatch in Keycloak Moderate
CVE-2020-1758 was published for org.keycloak:keycloak-parent (Maven) Feb 9, 2022
Improper Certificate Validation in OWASP ZAP Moderate
CVE-2022-27820 was published for org.zaproxy:zap (Maven) Mar 25, 2022
SSL/TLS certificate validation globally disabled by Jenkins Proxmox Plugin Moderate
CVE-2022-28142 was published for org.jenkins-ci.plugins:proxmox (Maven) Mar 30, 2022
NotMyFault
Apache Tomcat affected by vulnerability in TLS and SSL protocol Moderate
CVE-2009-3555 was published for org.apache.tomcat:tomcat (Maven) May 2, 2022
MarkLee131 sunSUNQ
Improper Certificate Validation in Apache CXF Moderate
CVE-2017-5653 was published for org.apache.cxf:cxf-core (Maven) May 13, 2022
sunSUNQ
Improper Certificate Validation in apache HttpClient Moderate
CVE-2012-5783 was published for commons-httpclient:commons-httpclient (Maven) May 13, 2022
ebickle
Improper Certificate Validation in OkHttp Moderate
CVE-2016-2402 was published for com.squareup.okhttp3:okhttp (Maven) May 13, 2022
Keycloak Authentication Error Moderate
CVE-2018-10894 was published for org.keycloak:keycloak-saml-adapter-core (Maven) May 13, 2022
Jenkins SSH Build Agents Plugin did not verify host keys Moderate
CVE-2017-2648 was published for org.jenkins-ci.plugins:ssh-slaves (Maven) May 13, 2022
Improper Certificate Validation in Jenkins Moderate
CVE-2017-1000396 was published for org.jenkins-ci.main:jenkins-core (Maven) May 14, 2022
Cloud Foundry vulnerable to Improper Certificate Validation Moderate
CVE-2016-5016 was published for org.cloudfoundry.identity:cloudfoundry-identity-server (Maven) May 14, 2022
sunSUNQ
Jenkins CollabNet Plugin man in the middle vulnerability Moderate
CVE-2018-1000605 was published for org.jenkins-ci.plugins:collabnet (Maven) May 14, 2022
Jenkins vSphere Plugin disables SSL/TLS certificate validation by default Moderate
CVE-2018-1000151 was published for org.jenkins-ci.plugins:vsphere-cloud (Maven) May 14, 2022
Improper Certificate Validation in vt-ldap Moderate
CVE-2014-3607 was published for edu.internet2.middleware:shibboleth-identityprovider (Maven) May 14, 2022
nv-websocket-client allows attackers to spoof SSL/TLS servers via an arbitrary valid certificate Moderate
CVE-2017-1000209 was published for com.neovisionaries:nv-websocket-client (Maven) May 17, 2022
Improper Certificate Validation in Shibboleth Identity Provider and OpenSAML Moderate
CVE-2015-1796 was published for edu.internet2.middleware:shibboleth-identityprovider (Maven) May 17, 2022
Jenkins Koji Plugin globally and unconditionally disables SSL/TLS certificate validation Moderate
CVE-2019-10314 was published for org.jenkins-ci.plugins:koji (Maven) May 24, 2022
Jenkins SiteMonitor Plugin globally and unconditionally disables SSL/TLS certificate validation Moderate
CVE-2019-10317 was published for org.jvnet.hudson.plugins:sitemonitor (Maven) May 24, 2022
ProTip! Advisories are also available from the GraphQL API