Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

352 advisories

Loading
Improper Certificate Validation in Apache Beam High
CVE-2020-1929 was published for org.apache.beam:beam-sdks-java-io-mongodb (Maven) May 6, 2020
Moderate severity vulnerability that affects splunk-sdk High
CVE-2019-5729 was published for splunk-sdk (pip) Mar 25, 2019
Insufficient Session Expiration in Kiali High
CVE-2020-1762 was published for github.com/kiali/kiali (Go) May 18, 2021
Improper Certificate Validation in HashiCorp Nomad High
CVE-2020-7956 was published for github.com/hashicorp/nomad (Go) May 18, 2021
org.apache.hive:hive, org.apache.hive:hive-exec, and org.apache.hive:hive-service vulnerable to Improper Certificate Validation High
CVE-2016-3083 was published for org.apache.hive:hive (Maven) Mar 14, 2019
Improper Certificate Validation High
CVE-2017-11770 was published for Microsoft.NETCore.App (NuGet) Apr 12, 2022
Improper Certificate Validation in oauth ruby gem High
CVE-2016-11086 was published for oauth (RubyGems) Apr 22, 2021
Improper Certificate Validation in pyload-ng High
CVE-2023-0509 was published for pyload-ng (pip) Jan 27, 2023
A flaw was found in Cockpit in versions prior to 260 in the way it handles the certificate... High Unreviewed
CVE-2021-3698 was published Mar 11, 2022
Certificate.Verify in crypto/x509 in Go 1.18.x before 1.18.1 can be caused to panic on macOS when... High Unreviewed
CVE-2022-27536 was published Apr 21, 2022
software-properties was vulnerable to a person-in-the-middle attack due to incorrect TLS... High Unreviewed
CVE-2012-0955 was published Apr 23, 2022
An exploitable vulnerability exists in the HTTP client functionality of the Webroot BrightCloud... High Unreviewed
CVE-2018-4015 was published May 13, 2022
A vulnerability in the Secure Sockets Layer (SSL) Virtual Private Network (VPN) Client... High Unreviewed
CVE-2018-0227 was published May 13, 2022
Skip the router TLS configuration when the host header is an FQDN High
CVE-2022-23632 was published for github.com/traefik/traefik/v2 (Go) Feb 16, 2022
bawolff
Accepting arbitrary Subject Alternative Name (SAN) types, unless a PKI is specifically defined to... High Unreviewed
CVE-2021-44531 was published Feb 25, 2022
Due to the Asset Explorer agent not validating HTTPS certificates, an attacker on the network can... High Unreviewed
CVE-2021-20109 was published May 24, 2022
Multiple vulnerabilities vulnerability in Drupal SAML SP 2.0 Single Sign On (SSO) - SAML Service... High Unreviewed
CVE-2022-26493 was published Jun 4, 2022
Dell BSAFE Micro Edition Suite, versions prior to 4.5.1, contain an Improper Certificate... High Unreviewed
CVE-2020-26184 was published Jun 2, 2022
Information disclosure due to an insecure hostname validation in the RYDE application 5.8.43 for... High Unreviewed
CVE-2022-42979 was published Jan 6, 2023
ProxyAgent vulnerable to MITM High
CVE-2022-32210 was published for undici (npm) Jun 17, 2022
pimterry
Authentication bypass vulnerability in Apple Game Center auth adapter High
CVE-2022-31083 was published for parse-server (npm) Jun 17, 2022
yoshmidev
The CMS installer in Joomla! before 3.7.4 does not verify a user's ownership of a webspace, which... High Unreviewed
CVE-2017-11364 was published May 17, 2022
Splunk Enterprise peers in Splunk Enterprise versions before 9.0 and Splunk Cloud Platform... High Unreviewed
CVE-2022-32153 was published Jun 16, 2022
Splunk Enterprise peers in Splunk Enterprise versions before 9.0 and Splunk Cloud Platform... High Unreviewed
CVE-2022-32152 was published Jun 16, 2022
Microsoft Lync for Mac 2011 fails to properly validate certificates, allowing remote attackers to... High Unreviewed
CVE-2017-0129 was published May 17, 2022
ProTip! Advisories are also available from the GraphQL API