GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
27 advisories
The host name verification missing in Apache Tomcat
Severity: High. CVE-2018-8034 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) on Oct 17, 2018.

Improper Certificate Validation in Apache activemq-client
Severity: High. CVE-2018-11775 was published for org.apache.activemq:activemq-client (Maven) on Oct 19, 2018.

Improper Certificate Validation in proton-j
Severity: High. CVE-2018-17187 was published for org.apache.qpid:proton-j (Maven) on Nov 21, 2018.

Improper Input Validation in Apache Thrift
Severity: High. CVE-2018-1320 was published for org.apache.thrift:libthrift (Maven) on Jan 17, 2019.

org.apache.hive:hive, org.apache.hive:hive-exec, and org.apache.hive:hive-service vulnerable to Improper Certificate Validation
Severity: High. CVE-2016-3083 was published for org.apache.hive:hive (Maven) on Mar 14, 2019.

Improper Certificate Validation in Apache Beam
Severity: High. CVE-2020-1929 was published for org.apache.beam:beam-sdks-java-io-mongodb (Maven) on May 6, 2020.

Improper Validation of Certificate with Host Mismatch in Java-WebSocket
Severity: High. CVE-2020-11050 was published for org.java-websocket:Java-WebSocket (Maven) on May 8, 2020.

Improper certificate management in AWS IoT Device SDK v2
Severity: High. CVE-2021-40831 was published for aws-iot-device-sdk-v2 (Maven) on Nov 24, 2021.

Improper certificate management in AWS IoT Device SDK v2
Severity: High. CVE-2021-40829 was published for aws-iot-device-sdk-v2 (Maven) on Nov 24, 2021.

Improper certificate management in AWS IoT Device SDK v2
Severity: High. CVE-2021-40830 was published for aws-iot-device-sdk-v2 (Maven) on Nov 24, 2021.

Improper Certificate Validation and Improper Validation of Certificate with Host Mismatch in Apache Sling Commons Messaging Mail
Severity: High. CVE-2021-44549 was published for org.apache.sling:org.apache.sling.commons.messaging.mail (Maven) on Dec 16, 2021.

Improper Certificate Validation in Apache IoTDB
Severity: High. CVE-2020-1952 was published for org.apache.iotdb:iotdb-parent (Maven) on Jan 6, 2022.

Apache Geode SSL endpoint verification vulnerability
Severity: High. CVE-2019-10091 was published for org.apache.geode:geode-core (Maven) on Feb 10, 2022.

Improper Certificate Validation in Graylog
Severity: High. CVE-2020-15813 was published for org.graylog:graylog-parent (Maven) on Feb 10, 2022.

Jenkins Active Directory Plugin Improper certificate validation with StartTLS
Severity: High. CVE-2019-1003009 was published for org.jenkins-ci.plugins:active-directory (Maven) on May 13, 2022.

Jenkins Active Directory Plugin did not verify certificate of AD server
Severity: High. CVE-2017-2649 was published for org.jenkins-ci.plugins:active-directory (Maven) on May 13, 2022.

Jenkins Inedo ProGet Plugin globally and unconditionally disabled SSL/TLS certificate validation
Severity: High. CVE-2018-1999034 was published for com.inedo.proget:inedo-proget (Maven) on May 14, 2022.

Jenkins Inedo BuildMaster Plugin globally and unconditionally disabled SSL/TLS certificate validation
Severity: High. CVE-2018-1999035 was published for com.inedo.buildmaster:inedo-buildmaster (Maven) on May 14, 2022.

Jenkins TraceTronic ECU-TEST Plugin Man in the middle vulnerability
Severity: High. CVE-2018-1999025 was published for de.tracetronic.jenkins.plugins:ecutest (Maven) on May 14, 2022.

Improper Input Validation in XFire
Severity: High. CVE-2012-5817 was published for org.codehaus.xfire:xfire-core (Maven) on May 17, 2022.

Improper Certificate Validation in Apache Qpid Proton
Severity: High. CVE-2019-0223 was published for org.apache.qpid:proton-j (Maven) on May 24, 2022.

Jenkins Cadence vManager Plugin disables SSL/TLS and hostname verification
Severity: High. CVE-2019-10446 was published for org.jenkins-ci.plugins:vmanager-plugin (Maven) on May 24, 2022.

Improper Certificate Validation in Jenkins Spira Importer Plugin
Severity: High. CVE-2019-16558 was published for com.inflectra.spiratest.plugins:inflectra-spira-integration (Maven) on May 24, 2022.

SSL/TLS certificate validation globally and unconditionally disabled by Jenkins WebSphere Deployer Plugin
Severity: High. CVE-2019-16561 was published for org.jenkins-ci.plugins:websphere-deployer (Maven) on May 24, 2022.

SSL/TLS certificate validation disabled by default in Jenkins Checkmarx Plugin
Severity: High. CVE-2023-35142 was published for com.checkmarx.jenkins:checkmarx (Maven) on Jun 14, 2023.