GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,248
Erlang
31
GitHub Actions
21
Go
2,016
Maven
5,000+
npm
3,721
NuGet
662
pip
3,400
Pub
11
RubyGems
890
Rust
852
Swift
36
Unreviewed advisories
All unreviewed
5,000+
29 advisories
Filter by severity
IBM Storage Defender 2.0.0 through 2.0.7 on-prem defender-sensor-cmd CLI does not validate server...
Moderate
Unreviewed
CVE-2024-38324
was published
Sep 25, 2024
Host name validation for TLS certificates is bypassed when the installed OpenEdge default...
High
Unreviewed
CVE-2024-7346
was published
Sep 3, 2024
Missing hostname validation in Kroxylicious
Moderate
CVE-2024-8285
was published
for
io.kroxylicious:kroxylicious-runtime
(Maven)
Aug 31, 2024
An issue was discovered in Ada Web Server 20.0. When configured to use SSL (which is not the...
High
Unreviewed
CVE-2024-37015
was published
Aug 13, 2024
casdoor's use of`ssh.InsecureIgnoreHostKey()` disables host key verification
Moderate
CVE-2024-41264
was published
for
github.com/casdoor/casdoor
(Go)
Aug 1, 2024
Allow attackers to intercept or falsify data exchanges between the client
and the server
Unknown
Unreviewed
CVE-2024-2462
was published
Jun 11, 2024
ZITADEL's Improper Lockout Mechanism Leads to MFA Bypass
High
CVE-2024-32868
was published
for
github.com/zitadel/zitadel
(Go)
Apr 25, 2024
libcurl did not check the server certificate of TLS connections done to a host specified as an IP...
Moderate
Unreviewed
CVE-2024-2466
was published
Mar 27, 2024
KEPServerEX does not properly validate certificates from clients which may allow...
High
Unreviewed
CVE-2023-5909
was published
Dec 1, 2023
An improper certificate validation vulnerability [CWE-295] in FortiManager 7.0.1 and below, 6.4.6...
Moderate
Unreviewed
CVE-2022-22305
was published
Sep 1, 2023
Improper Validation of Certificate with Host Mismatch vulnerability in Hitachi Device Manager on...
High
Unreviewed
CVE-2023-34143
was published
Jul 18, 2023
Dell NetWorker, contains an Improper Validation of Certificate with Host Mismatch vulnerability...
Moderate
Unreviewed
CVE-2023-24568
was published
May 30, 2023
Missing hostname validation in Jenkins View26 Test-Reporting Plugin
Moderate
CVE-2022-41244
was published
for
org.jenkins-ci.plugins:view26
(Maven)
Sep 22, 2022
Jenkins SmallTest Plugin missing hostname validation
Moderate
CVE-2022-41243
was published
for
com.smalltest:smalltest
(Maven)
Sep 22, 2022
A flaw was found in rsync in versions since 3.2.0pre1. Rsync improperly validates certificate...
High
Unreviewed
CVE-2020-14387
was published
May 24, 2022
Interaction between the sks-keyserver code through 1.2.0 of the SKS keyserver network, and GnuPG...
High
Unreviewed
CVE-2019-13050
was published
May 24, 2022
PKId in Juniper Junos OS before 12.1X44-D52, 12.1X46 before 12.1X46-D37, 12.1X47 before 12.1X47...
Moderate
Unreviewed
CVE-2016-1280
was published
May 17, 2022
Improper Validation of Certificate with Host Mismatch in Not Yet Commons SSL
Moderate
CVE-2014-3604
was published
for
ca.juliusdavies:not-yet-commons-ssl
(Maven)
May 14, 2022
The Serf RA layer in Apache Subversion 1.4.0 through 1.7.x before 1.7.18 and 1.8.x before 1.8.10...
Moderate
Unreviewed
CVE-2014-3522
was published
May 14, 2022
Improper Validation of Certificate with Host Mismatch in Shibboleth Identity Provider and OpenSAML Java
Moderate
CVE-2014-3603
was published
for
edu.internet2.middleware:shibboleth-identityprovider
(Maven)
May 14, 2022
An exploitable vulnerability exists in the remote control functionality of Circle with Disney...
Moderate
Unreviewed
CVE-2017-2911
was published
May 13, 2022
An exploitable vulnerability exists in the remote control functionality of Circle with Disney...
Moderate
Unreviewed
CVE-2017-2912
was published
May 13, 2022
An exploitable vulnerability exists in the filtering functionality of Circle with Disney. SSL...
Moderate
Unreviewed
CVE-2017-2913
was published
May 13, 2022
Improper Certificate Validation and Improper Validation of Certificate with Host Mismatch in Keycloak
Moderate
CVE-2020-1758
was published
for
org.keycloak:keycloak-parent
(Maven)
Feb 9, 2022
Improper Certificate Validation and Improper Validation of Certificate with Host Mismatch in Apache Sling Commons Messaging Mail
High
CVE-2021-44549
was published
for
org.apache.sling:org.apache.sling.commons.messaging.mail
(Maven)
Dec 16, 2021
ProTip!
Advisories are also available from the
GraphQL API