GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
20
Go
2,001
Maven
5,000+
npm
3,711
NuGet
661
pip
3,383
Pub
11
RubyGems
885
Rust
849
Swift
36
Unreviewed advisories
All unreviewed
5,000+
52 advisories
Filter by severity
Moderate severity vulnerability that affects com.rabbitmq:amqp-client and org.springframework.amqp:spring-amqp
Moderate
CVE-2018-11087
was published
for
com.rabbitmq:amqp-client
(Maven)
Oct 18, 2018
Improper Certificate Validation in OWASP ZAP
Moderate
CVE-2022-27820
was published
for
org.zaproxy:zap
(Maven)
Mar 25, 2022
Improper Certificate Validation in OkHttp
Moderate
CVE-2016-2402
was published
for
com.squareup.okhttp3:okhttp
(Maven)
May 13, 2022
Improper Certificate Validation in Shibboleth Identity Provider and OpenSAML
Moderate
CVE-2015-1796
was published
for
edu.internet2.middleware:shibboleth-identityprovider
(Maven)
May 17, 2022
Improper Certificate Validation in Jenkins
Moderate
CVE-2017-1000396
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 14, 2022
Jenkins CollabNet Plugin man in the middle vulnerability
Moderate
CVE-2018-1000605
was published
for
org.jenkins-ci.plugins:collabnet
(Maven)
May 14, 2022
Apache Pulsar Java Client vulnerable to Improper Certificate Validation
Moderate
CVE-2022-33681
was published
for
org.apache.pulsar:pulsar-client
(Maven)
Sep 25, 2022
Apache Pulsar Broker, Proxy, and WebSocket Proxy vulnerable to Improper Certificate Validation
Moderate
CVE-2022-33682
was published
for
org.apache.pulsar:pulsar-broker
(Maven)
Sep 25, 2022
nv-websocket-client allows attackers to spoof SSL/TLS servers via an arbitrary valid certificate
Moderate
CVE-2017-1000209
was published
for
com.neovisionaries:nv-websocket-client
(Maven)
May 17, 2022
Apache Pulsar Brokers and Proxies vulnerable to Improper Certificate Validation
Moderate
CVE-2022-33683
was published
for
org.apache.pulsar:pulsar-broker
(Maven)
Sep 25, 2022
Improper Certificate Validation in vt-ldap
Moderate
CVE-2014-3607
was published
for
edu.internet2.middleware:shibboleth-identityprovider
(Maven)
May 14, 2022
Keycloak vulnerable to Improper Certificate Validation
Moderate
CVE-2020-35509
was published
for
org.keycloak:keycloak-core
(Maven)
Aug 24, 2022
Improper Certificate Validation and Insufficient Verification of Data Authenticity in Keycloak
Moderate
CVE-2019-3875
was published
for
org.keycloak:keycloak-core
(Maven)
Jun 27, 2019
Improper Certificate Validation in Liferay Portal
Moderate
CVE-2022-42131
was published
for
com.liferay.portal:release.portal.bom
(Maven)
Nov 15, 2022
Improper Certificate Validation and Improper Validation of Certificate with Host Mismatch in Keycloak
Moderate
CVE-2020-1758
was published
for
org.keycloak:keycloak-parent
(Maven)
Feb 9, 2022
Missing Authentication for Critical Function in Apache Calcite
Moderate
CVE-2020-13955
was published
for
org.apache.calcite:calcite-core
(Maven)
Apr 22, 2021
SSL/TLS certificate validation globally disabled by Jenkins Proxmox Plugin
Moderate
CVE-2022-28142
was published
for
org.jenkins-ci.plugins:proxmox
(Maven)
Mar 30, 2022
Jenkins Codefresh Integration Plugin Improper Certificate Validation vulnerability
Moderate
CVE-2019-10381
was published
for
org.jenkins-ci.plugins:codefresh
(Maven)
May 24, 2022
Jenkins VMware Lab Manager Slaves Plugin vulnerable to Improper Certificate Validation
Moderate
CVE-2019-10382
was published
for
org.jenkins-ci.plugins:labmanager
(Maven)
May 24, 2022
Jenkins Image Tag Parameter Plugin improperly introduces option to opt out of SSL/TLS certificate validation
Moderate
CVE-2023-30516
was published
for
org.jenkins-ci.plugins:image-tag-parameter
(Maven)
Apr 12, 2023
Jenkins NeuVector Vulnerability Scanner Plugin disables SSL/TLS certificate and hostname validation
Moderate
CVE-2023-30517
was published
for
io.jenkins.plugins:neuvector-vulnerability-scanner
(Maven)
Apr 12, 2023
Keycloak Untrusted Certificate Validation vulnerability
Moderate
CVE-2023-1664
was published
for
org.keycloak:keycloak-core
(Maven)
Jun 30, 2023
kevinsawicki/http-request Missing certificate validation
Moderate
CVE-2019-1010206
was published
for
com.github.kevinsawicki:http-request
(Maven)
May 24, 2022
Keycloak Authentication Error
Moderate
CVE-2018-10894
was published
for
org.keycloak:keycloak-saml-adapter-core
(Maven)
May 13, 2022
Jenkins SiteMonitor Plugin globally and unconditionally disables SSL/TLS certificate validation
Moderate
CVE-2019-10317
was published
for
org.jvnet.hudson.plugins:sitemonitor
(Maven)
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API