Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
20
Go
2,001
Maven
5,000+
npm
3,711
NuGet
661
pip
3,383
Pub
11
RubyGems
885
Rust
849
Swift
36
Unreviewed advisories
All unreviewed
5,000+

87 advisories

Loading
Agent Dart is missing certificate verification checks High
CVE-2024-48915 was published for agent_dart (Pub) Oct 15, 2024
AlexV525
Rancher agents can be hijacked by taking over the Rancher Server URL High
CVE-2024-22030 was published for github.com/rancher/rancher (Go) Sep 26, 2024
Beego privilege escalation vulnerability High
CVE-2024-40464 was published for github.com/beego/beego/v2 (Go) Jul 31, 2024
Filestash skips TLS certificate verification process when sending out email verification codes High
CVE-2024-41256 was published for github.com/mickael-kerjean/filestash (Go) Jul 31, 2024
Filestash configured to skip TLS certificate verification when using the FTPS protocol High
CVE-2024-41255 was published for github.com/mickael-kerjean/filestash (Go) Jul 31, 2024
electron-updater Code Signing Bypass on Windows High
CVE-2024-39698 was published for electron-updater (npm) Jul 9, 2024
mmaietta thomas-chauchefoin-bentley-systems
eb-bsi
Serverpod client accepts any certificate High
CVE-2024-29887 was published for serverpod_client (Pub) Mar 28, 2024
Skycoder42
Incorrect TLS certificate auth method in Vault High
CVE-2024-2048 was published for github.com/hashicorp/vault (Go) Mar 4, 2024
oscerd
Improper Certificate Validation in Apache DolphinScheduler High
CVE-2023-49250 was published for org.apache.dolphinscheduler:dolphinscheduler (Maven) Feb 20, 2024
Boundary vulnerable to session hijacking through TLS certificate tampering High
CVE-2024-1052 was published for github.com/hashicorp/boundary (Go) Feb 5, 2024
Missing SSL certificate validation in localstack High
CVE-2023-48054 was published for localstack (pip) Nov 16, 2023
cryptography mishandles SSH certificates High
CVE-2023-38325 was published for cryptography (pip) Jul 14, 2023
alanc tiran
Keycloak vulnerable to Improper Client Certificate Validation for OAuth/OpenID clients High
CVE-2023-2422 was published for org.keycloak:keycloak-services (Maven) Jun 30, 2023
artsploit
SSL/TLS certificate validation disabled by default in Jenkins Checkmarx Plugin High
CVE-2023-35142 was published for com.checkmarx.jenkins:checkmarx (Maven) Jun 14, 2023
Improper Certificate Validation in pyload-ng High
CVE-2023-0509 was published for pyload-ng (pip) Jan 27, 2023
jruby-openssl gem for JRuby fails to do proper certificate validation High
CVE-2009-4123 was published for jruby-openssl (RubyGems) Jan 19, 2023
Slixmpp lacks SSL Certificate hostname validation in XMLStream High
CVE-2022-45197 was published for slixmpp (pip) Dec 25, 2022
Apache Pulsar Disabled Certificate Validation for OAuth Client Credential Requests makes C++/Python Clients vulnerable to MITM attack High
CVE-2022-33684 was published for pulsar-client (pip) Nov 4, 2022
hsnbozkurt
python-scciclient vulnerable to Man-in-the-middle (MITM) attacks High
CVE-2022-2996 was published for python-scciclient (pip) Sep 2, 2022
Argo CD certificate verification is skipped for connections to OIDC providers High
CVE-2022-31105 was published for github.com/argoproj/argo-cd (Go) Jul 12, 2022
jannfis crenshaw-dev
DavidKorczynski AdamKorcz
Authentication bypass vulnerability in Apple Game Center auth adapter High
CVE-2022-31083 was published for parse-server (npm) Jun 17, 2022
yoshmidev
ProxyAgent vulnerable to MITM High
CVE-2022-32210 was published for undici (npm) Jun 17, 2022
pimterry
SaltStack Salt Improper Certificate Validation High
CVE-2020-28972 was published for salt (pip) May 24, 2022
SaltStack Salt Improper SSL Certificate Validation High
CVE-2020-35662 was published for salt (pip) May 24, 2022
Improper Certificate Validation in Jenkins Spira Importer Plugin High
CVE-2019-16558 was published for com.inflectra.spiratest.plugins:inflectra-spira-integration (Maven) May 24, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database