Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,076
Erlang
29
GitHub Actions
19
Go
1,895
Maven
5,000+
npm
3,630
NuGet
638
pip
3,244
Pub
10
RubyGems
862
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

923 advisories

Loading
Anbox Management Service, in versions 1.17.0 through 1.23.0, does not validate the TLS... High Unreviewed
CVE-2024-8287 was published Sep 18, 2024
When curl is told to use the Certificate Status Request TLS extension, often referred to as OCSP... Moderate Unreviewed
CVE-2024-8096 was published Sep 11, 2024
AAn improper certificate validation vulnerability [CWE-295] in FortiClientWindows 7.2.0 through 7... Moderate Unreviewed
CVE-2024-31489 was published Sep 10, 2024
An improper certificate validation vulnerability [CWE-295] in FortiClientWindows 6.4 all versions... Moderate Unreviewed
CVE-2022-45856 was published Sep 10, 2024
Httpful is Missing Certificate Validation Moderate
GHSA-gcfg-hmwx-wq5h was published for nategood/httpful (Composer) Sep 9, 2024
An improper certificate validation vulnerability in TLS certificate validation allows an attacker... High Unreviewed
CVE-2024-40714 was published Sep 7, 2024
An improper certificate validation vulnerability has been reported to affect QuMagie. If... Low Unreviewed
CVE-2024-38642 was published Sep 6, 2024
QBiC CLOUD CC-2L v1.1.30 and earlier and Safie One v1.8.2 and earlier do not properly validate... Moderate Unreviewed
CVE-2024-39771 was published Aug 28, 2024
Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an... High Unreviewed
CVE-2024-41996 was published Aug 26, 2024
A flaw was found in the Red Hat OpenStack Platform (RHOSP) director. This vulnerability allows an... High Unreviewed
CVE-2024-8007 was published Aug 21, 2024
IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.8 could allow an attacker with... Moderate Unreviewed
CVE-2023-50314 was published Aug 14, 2024
IBM WebSphere Application Server 8.5 and 9.0 could allow an attacker with access to the network... Moderate Unreviewed
CVE-2023-50315 was published Aug 14, 2024
Improper certificate validation in Ivanti ITSM on-prem and Neurons for ITSM Versions 2023.4 and... High Unreviewed
CVE-2024-7570 was published Aug 13, 2024
Ecosystem Agent version 4 < 4.5.1.2597 and Ecosystem Agent version 5 < 5.1.4.2473 did not... Low Unreviewed
CVE-2024-5445 was published Aug 12, 2024
There is a vulnerability in the AP Certificate Management Service which could allow a threat... Critical Unreviewed
CVE-2024-42395 was published Aug 6, 2024
A flaw was found in libnbd. The client did not always correctly verify the NBD server's... Moderate Unreviewed
CVE-2024-7383 was published Aug 5, 2024
Certificate Validation user interface in LibreOffice allows potential vulnerability. Signed... High Unreviewed
CVE-2024-6472 was published Aug 5, 2024
Under certain circumstances the exacqVision Server will not properly validate TLS certificates... Moderate Unreviewed
CVE-2024-32865 was published Aug 2, 2024
casdoor's use of`ssh.InsecureIgnoreHostKey()` disables host key verification Moderate
CVE-2024-41264 was published for github.com/casdoor/casdoor (Go) Aug 1, 2024
Beego privilege escalation vulnerability High
CVE-2024-40464 was published for github.com/beego/beego/v2 (Go) Jul 31, 2024
Filestash skips TLS certificate verification process when sending out email verification codes High
CVE-2024-41256 was published for github.com/mickael-kerjean/filestash (Go) Jul 31, 2024
Filestash configured to skip TLS certificate verification when using the FTPS protocol High
CVE-2024-41255 was published for github.com/mickael-kerjean/filestash (Go) Jul 31, 2024
An improper validation vulnerability was reported in the Lenovo Tab K10 that could allow a... Low Unreviewed
CVE-2024-4786 was published Jul 26, 2024
The TLS certificate validation code is flawed. An attacker can obtain a TLS certificate from the... High Unreviewed
CVE-2024-28872 was published Jul 11, 2024
An issue in S3Browser v.11.4.5 and v.10.9.9 and fixed in v.11.5.7 allows a remote attacker to... Moderate Unreviewed
CVE-2024-37865 was published Jul 9, 2024
ProTip! Advisories are also available from the GraphQL API