GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
20
Go
2,000
Maven
5,000+
npm
3,711
NuGet
661
pip
3,383
Pub
11
RubyGems
885
Rust
849
Swift
36
Unreviewed advisories
All unreviewed
5,000+
42 advisories
Filter by severity
Improper Certificate Validation vulnerability in Apache Airflow FTP Provider
Low
CVE-2024-29733
was published
for
apache-airflow-providers-ftp
(pip)
Apr 21, 2024
Improper Certificate Validation in apache airflow mongo hook
Critical
CVE-2024-25141
was published
for
apache-airflow-providers-mongo
(pip)
Feb 20, 2024
HTTPie allows attackers to eavesdrop on communications between the host and server via a man-in-the-middle attack
Critical
CVE-2023-48052
was published
for
httpie
(pip)
Nov 16, 2023
Missing SSL certificate validation in localstack
High
CVE-2023-48054
was published
for
localstack
(pip)
Nov 16, 2023
Apache Airflow missing Certificate Validation
Moderate
CVE-2023-39441
was published
for
apache-airflow
(pip)
Aug 23, 2023
Sydent does not verify email server certificates
Critical
CVE-2023-38686
was published
for
matrix-sydent
(pip)
Jul 31, 2023
cryptography mishandles SSH certificates
High
CVE-2023-38325
was published
for
cryptography
(pip)
Jul 14, 2023
in-toto: PGP trust model not (fully) considered
Moderate
GHSA-jjgp-whrp-gq8m
was published
for
in-toto
(pip)
May 11, 2023
Allegro Tech BigFlow vulnerable to Missing SSL Certificate Validation
Moderate
CVE-2023-25392
was published
for
bigflow
(pip)
Apr 10, 2023
Improper Certificate Validation in pyload-ng
High
CVE-2023-0509
was published
for
pyload-ng
(pip)
Jan 27, 2023
Slixmpp lacks SSL Certificate hostname validation in XMLStream
High
CVE-2022-45197
was published
for
slixmpp
(pip)
Dec 25, 2022
Apache Pulsar Disabled Certificate Validation for OAuth Client Credential Requests makes C++/Python Clients vulnerable to MITM attack
High
CVE-2022-33684
was published
for
pulsar-client
(pip)
Nov 4, 2022
python-scciclient vulnerable to Man-in-the-middle (MITM) attacks
High
CVE-2022-2996
was published
for
python-scciclient
(pip)
Sep 2, 2022
Couchbase Sync Gateway admin credentials not verified when using X.509 client cert authentication
Critical
CVE-2022-32563
was published
for
couchbase
(pip)
Jun 11, 2022
SaltStack Salt Improper Certificate Validation
High
CVE-2020-28972
was published
for
salt
(pip)
May 24, 2022
SaltStack Salt Improper SSL Certificate Validation
High
CVE-2020-35662
was published
for
salt
(pip)
May 24, 2022
Scalyr Agent 2 Missing SSL Certificate Validation
Critical
CVE-2020-24715
was published
for
scalyr-agent-2
(pip)
May 24, 2022
Scalyr Agent Missing SSL Certificate Validation
Critical
CVE-2020-24714
was published
for
scalyr-agent-2
(pip)
May 24, 2022
ovirt-engine-sdk-python improper validation of hostname in x.509 certificate
High
CVE-2014-0161
was published
for
ovirt-engine-sdk-python
(pip)
May 17, 2022
Apache Libcloud does not verify SSL certificates for HTTPS connections
High
CVE-2010-4340
was published
for
apache-libcloud
(pip)
May 17, 2022
Apache Libcloud vulnerable to certificate impersonation
Moderate
CVE-2012-3446
was published
for
apache-libcloud
(pip)
May 17, 2022
Python Swift client is vulnerable to Missing SSL Certificate Check
Critical
CVE-2013-6396
was published
for
python-swiftclient
(pip)
May 17, 2022
OpenStack keystonemiddleware does not verify certificate
High
CVE-2014-7144
was published
for
keystonemiddleware
(pip)
May 17, 2022
OpenStack keystonemiddleware and python-keystoneclient vulnerable to man-in-the-middle attacks
High
CVE-2015-1852
was published
for
keystonemiddleware
(pip)
May 17, 2022
Urllib3 Incorrect Certificate Validation
Moderate
CVE-2016-9015
was published
for
urllib3
(pip)
May 17, 2022
ProTip!
Advisories are also available from the
GraphQL API