Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,900
Maven
5,000+
npm
3,630
NuGet
638
pip
3,244
Pub
10
RubyGems
863
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

20 advisories

Loading
An improper certificate validation vulnerability has been reported to affect QuMagie. If... Low Unreviewed
CVE-2024-38642 was published Sep 6, 2024
Ecosystem Agent version 4 < 4.5.1.2597 and Ecosystem Agent version 5 < 5.1.4.2473 did not... Low Unreviewed
CVE-2024-5445 was published Aug 12, 2024
An improper validation vulnerability was reported in the Lenovo Tab K10 that could allow a... Low Unreviewed
CVE-2024-4786 was published Jul 26, 2024
A vulnerability was found in Hualai Xiaofang iSC5 3.2.2_112 and classified as problematic.... Low Unreviewed
CVE-2024-4062 was published Apr 23, 2024
A vulnerability was found in EZVIZ CS-C6-21WFR-8 5.2.7 Build 170628. It has been classified as... Low Unreviewed
CVE-2024-4063 was published Apr 23, 2024
Improper Certificate Validation vulnerability in Apache Airflow FTP Provider Low
CVE-2024-29733 was published for apache-airflow-providers-ftp (pip) Apr 21, 2024
ericwb
IBM Aspera Faspex 5.0.0 through 5.0.7 could allow a local user to obtain or modify sensitive... Low Unreviewed
CVE-2023-37397 was published Apr 19, 2024
Dell VxRail, versions prior to 7.0.450, contain an improper certificate validation vulnerability... Low Unreviewed
CVE-2023-32464 was published Jun 23, 2023
The error page for sites with invalid TLS certificates was missing the activation-delay Firefox... Low Unreviewed
CVE-2023-34414 was published Jun 19, 2023
It was discovered that the Magritte-ftp was not verifying hostnames in TLS certificates due to a... Low Unreviewed
CVE-2022-48307 was published Feb 16, 2023
It was discovered that the sls-logging was not verifying hostnames in TLS certificates due to a... Low Unreviewed
CVE-2022-48308 was published Feb 16, 2023
Dell OS10, version 10.5.3.4, contains an Improper Certificate Validation vulnerability in Support... Low Unreviewed
CVE-2022-34394 was published Sep 29, 2022
In Logstash versions after 6.4.0 and before 6.8.15 and 7.12.0 a TLS certificate validation flaw... Low Unreviewed
CVE-2021-22138 was published May 24, 2022
A vulnerability in the certificate registration process of Cisco Unified Computing System (UCS)... Low Unreviewed
CVE-2021-1354 was published May 24, 2022
OpenSSL has internal defaults for a directory tree where it can find a configuration file as well... Low Unreviewed
CVE-2019-1552 was published May 24, 2022
Urllib3 Incorrect Certificate Validation Low
CVE-2016-9015 was published for urllib3 (pip) May 17, 2022
Microsoft Windows Phone 7 does not verify the domain name in the subject's Common Name (CN) field... Low Unreviewed
CVE-2012-2993 was published May 17, 2022
Improper Certificate Validation in Cosign Low
CVE-2022-23649 was published for github.com/sigstore/cosign (Go) Feb 22, 2022
znewman01 dlorenc
mattmoor priyawadhwa mtrmac nsmith5
Improper validation of certificate with host mismatch in Apache Log4j SMTP appender Low
CVE-2020-9488 was published for org.apache.logging.log4j:log4j (Maven) Jun 5, 2020
DmitriyLewen
SSL Validation Defaults to False in electron-packager Low
CVE-2016-10534 was published for electron-packager (npm) Feb 18, 2019
ProTip! Advisories are also available from the GraphQL API