Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

87 advisories

Loading
Improper Certificate Validation in Apache Beam High
CVE-2020-1929 was published for org.apache.beam:beam-sdks-java-io-mongodb (Maven) May 6, 2020
Insufficient Session Expiration in Kiali High
CVE-2020-1762 was published for github.com/kiali/kiali (Go) May 18, 2021
Improper Certificate Validation in HashiCorp Nomad High
CVE-2020-7956 was published for github.com/hashicorp/nomad (Go) May 18, 2021
Improper Certificate Validation High
CVE-2017-11770 was published for Microsoft.NETCore.App (NuGet) Apr 12, 2022
Improper Certificate Validation in oauth ruby gem High
CVE-2016-11086 was published for oauth (RubyGems) Apr 22, 2021
Improper Certificate Validation in pyload-ng High
CVE-2023-0509 was published for pyload-ng (pip) Jan 27, 2023
Skip the router TLS configuration when the host header is an FQDN High
CVE-2022-23632 was published for github.com/traefik/traefik/v2 (Go) Feb 16, 2022
bawolff
ProxyAgent vulnerable to MITM High
CVE-2022-32210 was published for undici (npm) Jun 17, 2022
pimterry
Authentication bypass vulnerability in Apple Game Center auth adapter High
CVE-2022-31083 was published for parse-server (npm) Jun 17, 2022
yoshmidev
Argo CD certificate verification is skipped for connections to OIDC providers High
CVE-2022-31105 was published for github.com/argoproj/argo-cd (Go) Jul 12, 2022
jannfis crenshaw-dev
DavidKorczynski AdamKorcz
Improper Certificate Validation in Microsoft .NET Framework components High
CVE-2018-0786 was published for Microsoft.NETCore.UniversalWindowsPlatform (NuGet) Oct 16, 2018
skofman1
Improper Certificate Validation in Apache Qpid Proton High
CVE-2019-0223 was published for org.apache.qpid:proton-j (Maven) May 24, 2022
Improper Certificate Validation in Jenkins Spira Importer Plugin High
CVE-2019-16558 was published for com.inflectra.spiratest.plugins:inflectra-spira-integration (Maven) May 24, 2022
Hashicorp Consul Missing SSL Certificate Validation High
CVE-2021-32574 was published for github.com/hashicorp/consul (Go) Jul 19, 2021
Jenkins Cadence vManager Plugin disables SSL/TLS and hostname verification High
CVE-2019-10446 was published for org.jenkins-ci.plugins:vmanager-plugin (Maven) May 24, 2022
Authentication bypass and denial of service (DoS) vulnerabilities in Apple Game Center auth adapter High
CVE-2022-24901 was published for parse-server (npm) May 4, 2022
yoshmidev kurt-r2c
Improper Validation of Certificate with Host Mismatch in Java-WebSocket High
CVE-2020-11050 was published for org.java-websocket:Java-WebSocket (Maven) May 8, 2020
p-
Improper Certificate Validation in Graylog High
CVE-2020-15813 was published for org.graylog:graylog-parent (Maven) Feb 10, 2022
Improper Certificate Validation in Apache IoTDB High
CVE-2020-1952 was published for org.apache.iotdb:iotdb-parent (Maven) Jan 6, 2022
Privilege escalation in Hashicorp Nomad High
CVE-2021-37218 was published for github.com/hashicorp/nomad (Go) Sep 8, 2021
Improper Authentication High
CVE-2019-20894 was published for github.com/traefik/traefik/v2 (Go) Sep 2, 2021
Improper Certificate Validation and Improper Validation of Certificate with Host Mismatch in Apache Sling Commons Messaging Mail High
CVE-2021-44549 was published for org.apache.sling:org.apache.sling.commons.messaging.mail (Maven) Dec 16, 2021
OctoRPKI lacks contextual out-of-bounds check when validating RPKI ROA maxLength values High
CVE-2021-3761 was published for github.com/cloudflare/cfrpki (Go) Sep 7, 2021
job
ProTip! Advisories are also available from the GraphQL API