GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
926 advisories
HTTPie allows attackers to eavesdrop on communications between the host and server via a man-in-the-middle attack
High | CVE-2023-48052 was published for httpie (pip) | Nov 16, 2023

IBM QRadar Suite Products 1.10.12.0 through 1.10.18.0 and IBM Cloud Pak for Security 1.10.0.0...
Moderate | Unreviewed | CVE-2023-47742 was published | Mar 3, 2024

IBM Security Verify Access Appliance 10.0.0 through 10.0.7 could allow a malicious actor to...
High | Unreviewed | CVE-2024-31872 was published | Apr 10, 2024

Data leakage via cache key collision in Django
Moderate | CVE-2020-13254 was published for Django (pip) | Jun 5, 2020

An issue was discovered in Mbed TLS 3.x before 3.6.1. With TLS 1.3, when a server enables...
Critical | Unreviewed | CVE-2024-45159 was published | Sep 5, 2024

A flaw was found in libnbd. The client did not always correctly verify the NBD server's...
Moderate | Unreviewed | CVE-2024-7383 was published | Aug 5, 2024

Anbox Management Service, in versions 1.17.0 through 1.23.0, does not validate the TLS...
High | Unreviewed | CVE-2024-8287 was published | Sep 18, 2024

mongodb-client-encryption vulnerable to Improper Certificate Validation
Moderate | CVE-2021-20327 was published for mongodb-client-encryption (npm) | Apr 12, 2021

An improper certificate validation vulnerability has been reported to affect QuMagie. If...
Low | Unreviewed | CVE-2024-38642 was published | Sep 6, 2024

cryptography mishandles SSH certificates
High | CVE-2023-38325 was published for cryptography (pip) | Jul 14, 2023

Couchbase Sync Gateway admin credentials not verified when using X.509 client cert authentication
Critical | CVE-2022-32563 was published for couchbase (pip) | Jun 11, 2022

Improper Certificate Validation in blackduck
High | CVE-2020-27589 was published for blackduck (pip) | Apr 20, 2021

Apache Libcloud does not verify SSL certificates for HTTPS connections
High | CVE-2010-4340 was published for apache-libcloud (pip) | May 17, 2022

QBiC CLOUD CC-2L v1.1.30 and earlier and Safie One v1.8.2 and earlier do not properly validate...
Moderate | Unreviewed | CVE-2024-39771 was published | Aug 28, 2024

Improper certificate management in AWS IoT Device SDK v2
Moderate | CVE-2021-40828 was published for aws-iot-device-sdk-v2 (Maven) | Nov 24, 2021

Improper certificate management in AWS IoT Device SDK v2
Moderate | CVE-2021-40830 was published for aws-iot-device-sdk-v2 (Maven) | Nov 24, 2021

Improper certificate management in AWS IoT Device SDK v2
Moderate | CVE-2021-40831 was published for aws-iot-device-sdk-v2 (Maven) | Nov 24, 2021

Improper certificate management in AWS IoT Device SDK v2
Moderate | CVE-2021-40829 was published for aws-iot-device-sdk-v2 (Maven) | Nov 24, 2021

When curl is told to use the Certificate Status Request TLS extension, often referred to as OCSP...
Moderate | Unreviewed | CVE-2024-8096 was published | Sep 11, 2024

An improper certificate validation vulnerability [CWE-295] in FortiClientWindows 7.2.0 through 7...
Moderate | Unreviewed | CVE-2024-31489 was published | Sep 10, 2024

An improper certificate validation vulnerability [CWE-295] in FortiClientWindows 6.4 all versions...
Moderate | Unreviewed | CVE-2022-45856 was published | Sep 10, 2024

Httpful is Missing Certificate Validation
Moderate | GHSA-gcfg-hmwx-wq5h was published for nategood/httpful (Composer) | Sep 9, 2024

An improper certificate validation vulnerability in TLS certificate validation allows an attacker...
High | Unreviewed | CVE-2024-40714 was published | Sep 7, 2024

Filestash configured to skip TLS certificate verification when using the FTPS protocol
High | CVE-2024-41255 was published for github.com/mickael-kerjean/filestash (Go) | Jul 31, 2024

Apache Libcloud vulnerable to certificate impersonation
Moderate | CVE-2012-3446 was published for apache-libcloud (pip) | May 17, 2022

ProTip! Advisories are also available from the GraphQL API.