Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,076
Erlang
29
GitHub Actions
19
Go
1,897
Maven
5,000+
npm
3,630
NuGet
638
pip
3,244
Pub
10
RubyGems
862
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

73 advisories

Loading
There is a vulnerability in the AP Certificate Management Service which could allow a threat... Critical Unreviewed
CVE-2024-42395 was published Aug 6, 2024
In gnss service, there is a possible escalation of privilege due to improper certificate... Critical Unreviewed
CVE-2024-20080 was published Jul 1, 2024
Improper Certificate Validation in apache airflow mongo hook Critical
CVE-2024-25141 was published for apache-airflow-providers-mongo (pip) Feb 20, 2024
A default installation of RustDesk 1.2.3 on Windows places a WDKTestCert certificate under... Critical Unreviewed
CVE-2024-25140 was published Feb 6, 2024
SSL connections to NOVELL and Synology LDAP server are vulnerable to a man-in-the-middle attack... Critical Unreviewed
CVE-2023-50356 was published Jan 31, 2024
Ylianst MeshCentral Missing SSL Certificate Validation Critical
CVE-2023-51837 was published for meshcentral (npm) Jan 30, 2024
An issue in Turing Video Turing Edge+ EVC5FD v.1.38.6 allows remote attacker to execute arbitrary... Critical Unreviewed
CVE-2023-42425 was published Oct 31, 2023
The functions to fetch e-mail via POP3 or IMAP as well as sending e-mail via SMTP use OpenSSL for... Critical Unreviewed
CVE-2023-5422 was published Oct 16, 2023
Lack of TLS certificate verification in log transmission of a financial module within LINE Client... Critical Unreviewed
CVE-2023-5554 was published Oct 12, 2023
In JetBrains Ktor before 2.3.5 server certificates were not verified Critical Unreviewed
CVE-2023-45613 was published Oct 9, 2023
A vulnerability was discovered in Veritas NetBackup Snapshot Manager before 10.2.0.1 that allowed... Critical Unreviewed
CVE-2023-40256 was published Aug 11, 2023
Sydent does not verify email server certificates Critical
CVE-2023-38686 was published for matrix-sydent (pip) Jul 31, 2023
Nanoleaf firmware v7.1.1 and below is missing an SSL certificate, allowing attackers to execute... Critical Unreviewed
CVE-2022-47758 was published Apr 27, 2023
x509/x509_verify.c in LibreSSL before 3.4.2, and OpenBSD before 7.0 errata 006, allows... Critical Unreviewed
CVE-2021-46880 was published Apr 15, 2023
strongSwan 5.9.8 and 5.9.9 potentially allows remote code execution because it uses a variable... Critical Unreviewed
CVE-2023-26463 was published Apr 15, 2023
ComponentSpace.Saml2 4.4.0 Missing SSL Certificate Validation. Critical Unreviewed
CVE-2022-45597 was published Mar 25, 2023
Starting with diego-release 2.55.0 and up to 2.69.0, and starting with CF Deployment 17.1 and up... Critical Unreviewed
CVE-2022-31733 was published Feb 3, 2023
Dell PowerScale OneFS, versions 8.2.x-9.3.x, contains an Improper Certificate Validation... Critical Unreviewed
CVE-2022-45100 was published Feb 1, 2023
A certificate validation issue existed in the handling of WKWebView. This issue was addressed... Critical Unreviewed
CVE-2022-42813 was published Nov 2, 2022
An issue was discovered in Keyfactor PrimeKey EJBCA before 7.9.0, related to possible... Critical Unreviewed
CVE-2022-34831 was published Sep 15, 2022
When using Ingest Actions to configure a destination that resides on Amazon Simple Storage... Critical Unreviewed
CVE-2022-37437 was published Aug 17, 2022
In BIG-IP Versions 15.1.x before 15.1.6.1, 14.1.x before 14.1.5, and all versions of 13.1.x,... Critical Unreviewed
CVE-2022-34865 was published Aug 5, 2022
fs2-io skips mTLS client verification Critical
CVE-2022-31183 was published for co.fs2:fs2-io (Maven) Jul 29, 2022
An Improper Certificate Validation vulnerability in LibreOffice existed where determining if a... Critical Unreviewed
CVE-2022-26305 was published Jul 26, 2022
A insecure configuration for certificate verification (http.verify_mode = OpenSSL::SSL:... Critical Unreviewed
CVE-2014-8164 was published Jul 7, 2022
ProTip! Advisories are also available from the GraphQL API