Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,900
Maven
5,000+
npm
3,630
NuGet
638
pip
3,244
Pub
10
RubyGems
863
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

923 advisories

Loading
Improper Certificate Validation in Apache Beam High
CVE-2020-1929 was published for org.apache.beam:beam-sdks-java-io-mongodb (Maven) May 6, 2020
Moderate severity vulnerability that affects OPCFoundation.NetStandard.Opc.Ua Moderate
CVE-2018-12087 was published for OPCFoundation.NetStandard.Opc.Ua (NuGet) Oct 16, 2018
Moderate severity vulnerability that affects splunk-sdk High
CVE-2019-5729 was published for splunk-sdk (pip) Mar 25, 2019
SSL Validation Defaults to False in electron-packager Low
CVE-2016-10534 was published for electron-packager (npm) Feb 18, 2019
Insecure Defaults Leads to Potential MITM in ezseed-transmission Moderate
CVE-2016-1000224 was published for ezseed-transmission (npm) Sep 1, 2020
Moderate severity vulnerability that affects com.rabbitmq:amqp-client and org.springframework.amqp:spring-amqp Moderate
CVE-2018-11087 was published for com.rabbitmq:amqp-client (Maven) Oct 18, 2018
Insufficient Session Expiration in Kiali High
CVE-2020-1762 was published for github.com/kiali/kiali (Go) May 18, 2021
Improper Certificate Validation in HashiCorp Nomad High
CVE-2020-7956 was published for github.com/hashicorp/nomad (Go) May 18, 2021
org.apache.hive:hive, org.apache.hive:hive-exec, and org.apache.hive:hive-service vulnerable to Improper Certificate Validation High
CVE-2016-3083 was published for org.apache.hive:hive (Maven) Mar 14, 2019
Improper Certificate Validation in node-sass affects eZ Platform Moderate
GHSA-6v6p-g8cg-2hgg was published for ezsystems/ezplatform-admin-ui (Composer) Apr 1, 2022
Improper Certificate Validation High
CVE-2017-11770 was published for Microsoft.NETCore.App (NuGet) Apr 12, 2022
Improper Certificate Validation in oauth ruby gem High
CVE-2016-11086 was published for oauth (RubyGems) Apr 22, 2021
Improper Certificate Validation in TweetStream Moderate
CVE-2020-24393 was published for tweetstream (RubyGems) Apr 13, 2021
Improper Certificate Validation in pyload-ng High
CVE-2023-0509 was published for pyload-ng (pip) Jan 27, 2023
Improper check for certificate revocation in i-FILTER Ver.10.45R01 and earlier, i-FILTER Ver.9... Moderate Unreviewed
CVE-2022-21170 was published Mar 11, 2022
A flaw was found in Cockpit in versions prior to 260 in the way it handles the certificate... High Unreviewed
CVE-2021-3698 was published Mar 11, 2022
The client applications in 3CX on Windows, the 3CX app for iOS, and the 3CX application for... Critical Unreviewed
CVE-2021-45490 was published Mar 29, 2022
Improper Certificate Validation in OWASP ZAP Moderate
CVE-2022-27820 was published for org.zaproxy:zap (Maven) Mar 25, 2022
An issue has been discovered affecting GitLab versions prior to 14.4.5, between 14.5.0 and 14.5.3... Moderate Unreviewed
CVE-2022-0123 was published Mar 29, 2022
WeeChat (aka Wee Enhanced Environment for Chat) 3.2 to 3.4 before 3.4.1 does not properly verify... Moderate Unreviewed
CVE-2022-28352 was published Apr 3, 2022
In A-GPS, there is a possible man in the middle attack due to improper certificate validation.... Moderate Unreviewed
CVE-2022-20081 was published Apr 12, 2022
In ccu, there is a possible escalation of privilege due to a missing certificate validation. This... Moderate Unreviewed
CVE-2022-20071 was published Apr 12, 2022
Certificate.Verify in crypto/x509 in Go 1.18.x before 1.18.1 can be caused to panic on macOS when... High Unreviewed
CVE-2022-27536 was published Apr 21, 2022
A flaw in Mozilla's embedded certificate code might allow web sites to install root certificates... Moderate Unreviewed
CVE-2007-5967 was published Apr 21, 2022
Versions of Motorola Ready For and Motorola Device Help Android applications prior to 2021-04-08... Moderate Unreviewed
CVE-2021-3898 was published Apr 23, 2022
ProTip! Advisories are also available from the GraphQL API