GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
372 advisories
Improper Certificate Validation in Apache Beam
High | CVE-2020-1929 was published for org.apache.beam:beam-sdks-java-io-mongodb (Maven) on May 6, 2020

Insufficient Session Expiration in Kiali
High | CVE-2020-1762 was published for github.com/kiali/kiali (Go) on May 18, 2021

Improper Certificate Validation in HashiCorp Nomad
High | CVE-2020-7956 was published for github.com/hashicorp/nomad (Go) on May 18, 2021

org.apache.hive:hive, org.apache.hive:hive-exec, and org.apache.hive:hive-service vulnerable to Improper Certificate Validation
High | CVE-2016-3083 was published for org.apache.hive:hive (Maven) on Mar 14, 2019

Improper Certificate Validation
High | CVE-2017-11770 was published for Microsoft.NETCore.App (NuGet) on Apr 12, 2022

Improper Certificate Validation in oauth ruby gem
High | CVE-2016-11086 was published for oauth (RubyGems) on Apr 22, 2021

Improper Certificate Validation in pyload-ng
High | CVE-2023-0509 was published for pyload-ng (pip) on Jan 27, 2023

A flaw was found in Cockpit in versions prior to 260 in the way it handles the certificate...
High | Unreviewed | CVE-2021-3698 was published on Mar 11, 2022

Certificate.Verify in crypto/x509 in Go 1.18.x before 1.18.1 can be caused to panic on macOS when...
High | Unreviewed | CVE-2022-27536 was published on Apr 21, 2022

software-properties was vulnerable to a person-in-the-middle attack due to incorrect TLS...
High | Unreviewed | CVE-2012-0955 was published on Apr 23, 2022

An exploitable vulnerability exists in the HTTP client functionality of the Webroot BrightCloud...
High | Unreviewed | CVE-2018-4015 was published on May 13, 2022

A vulnerability in the Secure Sockets Layer (SSL) Virtual Private Network (VPN) Client...
High | Unreviewed | CVE-2018-0227 was published on May 13, 2022

Skip the router TLS configuration when the host header is an FQDN
High | CVE-2022-23632 was published for github.com/traefik/traefik/v2 (Go) on Feb 16, 2022

Accepting arbitrary Subject Alternative Name (SAN) types, unless a PKI is specifically defined to...
High | Unreviewed | CVE-2021-44531 was published on Feb 25, 2022

Due to the Asset Explorer agent not validating HTTPS certificates, an attacker on the network can...
High | Unreviewed | CVE-2021-20109 was published on May 24, 2022

Multiple vulnerabilities vulnerability in Drupal SAML SP 2.0 Single Sign On (SSO) - SAML Service...
High | Unreviewed | CVE-2022-26493 was published on Jun 4, 2022

Dell BSAFE Micro Edition Suite, versions prior to 4.5.1, contain an Improper Certificate...
High | Unreviewed | CVE-2020-26184 was published on Jun 2, 2022

Information disclosure due to an insecure hostname validation in the RYDE application 5.8.43 for...
High | Unreviewed | CVE-2022-42979 was published on Jan 6, 2023

Authentication bypass vulnerability in Apple Game Center auth adapter
High | CVE-2022-31083 was published for parse-server (npm) on Jun 17, 2022

The CMS installer in Joomla! before 3.7.4 does not verify a user's ownership of a webspace, which...
High | Unreviewed | CVE-2017-11364 was published on May 17, 2022

Splunk Enterprise peers in Splunk Enterprise versions before 9.0 and Splunk Cloud Platform...
High | Unreviewed | CVE-2022-32153 was published on Jun 16, 2022

Splunk Enterprise peers in Splunk Enterprise versions before 9.0 and Splunk Cloud Platform...
High | Unreviewed | CVE-2022-32152 was published on Jun 16, 2022

Microsoft Lync for Mac 2011 fails to properly validate certificates, allowing remote attackers to...
High | Unreviewed | CVE-2017-0129 was published on May 17, 2022

An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. The issue...
High | Unreviewed | CVE-2017-2498 was published on May 17, 2022