GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
487 advisories
Opera before 10.00 does not check all intermediate X.509 certificates for revocation, which makes...
Moderate, Unreviewed. CVE-2009-3046 was published May 2, 2022.

The Certificate Trust Policy component in Apple Mac OS X before 10.6.8 does not perform CRL...
Moderate, Unreviewed. CVE-2011-0199 was published May 17, 2022.

Lynx does not verify that the server's certificate is signed by a trusted certification authority...
Moderate, Unreviewed. CVE-2012-5821 was published May 17, 2022.

The SSLVerifySignedServerKeyExchange function in libsecurity_ssl/lib/sslKeyExchange.c in the...
Moderate, Unreviewed. CVE-2014-1266 was published May 14, 2022.

A lack of SSL certificate validation in Splicecom iPCS (iOS App) v1.3.4, iPCS2 (iOS App) v2.8 and...
Moderate, Unreviewed. CVE-2023-33757 was published Jan 25, 2024.

SpliceCom Maximiser Soft PBX v1.5 and before was discovered to utilize a default SSL certificate....
Moderate, Unreviewed. CVE-2023-33760 was published Jan 25, 2024.

The LDAP client on Microsoft Windows 2000 before Update Rollup 1 for SP4 accepts certificates...
Moderate, Unreviewed. CVE-2005-3170 was published May 1, 2022.

Improper Certificate Validation in MongoDB
Moderate. CVE-2021-20328 was published for org.mongodb:mongo-java-driver (Maven) May 24, 2022.

The Chase mobile banking application for Android does not verify that the server hostname matches...
Moderate, Unreviewed. CVE-2012-5810 was published May 17, 2022.

An improper certificate validation vulnerability in Fortinet FortiOS 7.0.0 - 7.0.13, 7.2.0 - 7.2...
Moderate, Unreviewed. CVE-2023-47537 was published Feb 15, 2024.

In Splunk Add-on Builder (AoB) versions below 4.1.2 and the Splunk CloudConnect SDK versions...
Moderate, Unreviewed. CVE-2023-22943 was published Feb 14, 2023.

The _gnutls_x509_verify_certificate function in lib/x509/verify.c in libgnutls in GnuTLS before 2...
Moderate, Unreviewed. CVE-2008-4989 was published May 14, 2022.

Apache Tomcat affected by vulnerability in TLS and SSL protocol
Moderate. CVE-2009-3555 was published for org.apache.tomcat:tomcat (Maven) May 2, 2022.

Mozilla Network Security Services (NSS) before 3.12.3, Firefox before 3.0.13, Thunderbird before...
Moderate, Unreviewed. CVE-2009-2408 was published May 2, 2022.

FilesAnywhere does not verify that the server hostname matches a domain name in the subject's...
Moderate, Unreviewed. CVE-2012-5819 was published May 17, 2022.

The contribution feature in Zamboni does not verify that the server hostname matches a domain...
Moderate, Unreviewed. CVE-2012-5822 was published May 17, 2022.

Improper validation of the cloud certificate chain in Mobile Client allows man-in-the-middle...
Moderate, Unreviewed. CVE-2021-23155 was published Nov 19, 2021.

Moderate severity vulnerability that affects Microsoft.AspNetCore.Mvc and Microsoft.AspNetCore.Mvc.Core
Moderate. CVE-2017-0248 was published for Microsoft.AspNetCore.Mvc (NuGet) Oct 16, 2018.

Cloud Foundry vulnerable to Improper Certificate Validation
Moderate. CVE-2016-5016 was published for org.cloudfoundry.identity:cloudfoundry-identity-server (Maven) May 14, 2022.

Apache Airflow missing Certificate Validation
Moderate. CVE-2023-39441 was published for apache-airflow (pip) Aug 23, 2023.

Improper Certificate Validation in Node.js 10, 12, and 13 causes the process to abort when...
Moderate, Unreviewed. CVE-2019-15604 was published May 24, 2022.

CertificatePinner.java in OkHttp 3.x through 3.12.0 allows man-in-the-middle attackers to bypass...
Moderate, Unreviewed. CVE-2018-20200 was published May 24, 2022.

** DISPUTED ** An issue was discovered in RIPE NCC RPKI Validator 3.x through 3.1-2020.07.06.14...
Moderate, Unreviewed. CVE-2020-16162 was published May 24, 2022.

** DISPUTED ** An issue was discovered in RIPE NCC RPKI Validator 3.x before 3.1-2020.07.06.14.28...
Moderate, Unreviewed. CVE-2020-16163 was published May 24, 2022.

dirmngr before 2.1.0 improperly handles certain system calls, which allows remote attackers to...
Moderate, Unreviewed. CVE-2011-2207 was published Apr 22, 2022.