GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 20,536
Composer 4,189
Erlang 31
GitHub Actions 19
Go 1,985
Maven 5,160
npm 3,701
NuGet 657
pip 3,326
Pub 11
RubyGems 882
Rust 836
Swift 35

Unreviewed advisories

All unreviewed 233,434

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

283 advisories

Filter by severity

Sort by

Least recently updated

A flaw was found in Cockpit in versions prior to 260 in the way it handles the certificate... High Unreviewed

CVE-2021-3698 was published Mar 11, 2022

Certificate.Verify in crypto/x509 in Go 1.18.x before 1.18.1 can be caused to panic on macOS when... High Unreviewed

CVE-2022-27536 was published Apr 21, 2022

software-properties was vulnerable to a person-in-the-middle attack due to incorrect TLS... High Unreviewed

CVE-2012-0955 was published Apr 23, 2022

An exploitable vulnerability exists in the HTTP client functionality of the Webroot BrightCloud... High Unreviewed

CVE-2018-4015 was published May 13, 2022

A vulnerability in the Secure Sockets Layer (SSL) Virtual Private Network (VPN) Client... High Unreviewed

CVE-2018-0227 was published May 13, 2022

Accepting arbitrary Subject Alternative Name (SAN) types, unless a PKI is specifically defined to... High Unreviewed

CVE-2021-44531 was published Feb 25, 2022

Due to the Asset Explorer agent not validating HTTPS certificates, an attacker on the network can... High Unreviewed

CVE-2021-20109 was published May 24, 2022

Multiple vulnerabilities vulnerability in Drupal SAML SP 2.0 Single Sign On (SSO) - SAML Service... High Unreviewed

CVE-2022-26493 was published Jun 4, 2022

Dell BSAFE Micro Edition Suite, versions prior to 4.5.1, contain an Improper Certificate... High Unreviewed

CVE-2020-26184 was published Jun 2, 2022

Information disclosure due to an insecure hostname validation in the RYDE application 5.8.43 for... High Unreviewed

CVE-2022-42979 was published Jan 6, 2023

The CMS installer in Joomla! before 3.7.4 does not verify a user's ownership of a webspace, which... High Unreviewed

CVE-2017-11364 was published May 17, 2022

Splunk Enterprise peers in Splunk Enterprise versions before 9.0 and Splunk Cloud Platform... High Unreviewed

CVE-2022-32153 was published Jun 16, 2022

Splunk Enterprise peers in Splunk Enterprise versions before 9.0 and Splunk Cloud Platform... High Unreviewed

CVE-2022-32152 was published Jun 16, 2022

Microsoft Lync for Mac 2011 fails to properly validate certificates, allowing remote attackers to... High Unreviewed

CVE-2017-0129 was published May 17, 2022

An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. The issue... High Unreviewed

CVE-2017-2498 was published May 17, 2022

Pulp before 2.3.0 uses the same the same certificate authority key and certificate for all... High Unreviewed

CVE-2013-7450 was published May 17, 2022

In Lenovo Service Bridge before version 4, a bug found in the signature verification logic of the... High Unreviewed

CVE-2016-8231 was published May 17, 2022

WebSocket.swift in Starscream before 2.0.4 allows an SSL Pinning bypass because of incorrect... High Unreviewed

CVE-2017-7192 was published May 17, 2022

Shoplat App for iOS 1.10.00 through 1.18.00 does not properly verify SSL certificates. High Unreviewed

CVE-2016-1132 was published May 17, 2022

Late TLS certificate verification in WebKitGTK+ prior to 2.6.6 allows remote attackers to view a... High Unreviewed

CVE-2015-2330 was published May 17, 2022

Acceptance of invalid/self-signed TLS certificates in "Foxit PDF - PDF reader, editor, form,... High Unreviewed

CVE-2017-8059 was published May 17, 2022

WebSocket.swift in Starscream before 2.0.4 allows an SSL Pinning bypass because pinning occurs in... High Unreviewed

CVE-2017-5887 was published May 17, 2022

When connecting to Amazon Workspaces, the SHA256 presented by AWS connection provisioner is not... High Unreviewed

CVE-2022-1805 was published Jul 29, 2022

IBM QRadar SIEM 7.3, 7.4, and 7.5 does not preform proper certificate validation for some inter... High Unreviewed

CVE-2021-29755 was published Jul 21, 2022

A vulnerability in the SSL/TLS implementation of Cisco Nexus Dashboard could allow an... High Unreviewed

CVE-2022-20860 was published Jul 22, 2022

Previous 1 2 3 4 5 … 11 12 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

283 advisories