GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,232
Erlang
31
GitHub Actions
20
Go
1,991
Maven
5,000+
npm
3,709
NuGet
661
pip
3,344
Pub
11
RubyGems
884
Rust
846
Swift
36
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
284 advisories
Filter by severity
A flaw was found in Cockpit in versions prior to 260 in the way it handles the certificate...
High
Unreviewed
CVE-2021-3698
was published
Mar 11, 2022
Certificate.Verify in crypto/x509 in Go 1.18.x before 1.18.1 can be caused to panic on macOS when...
High
Unreviewed
CVE-2022-27536
was published
Apr 21, 2022
software-properties was vulnerable to a person-in-the-middle attack due to incorrect TLS...
High
Unreviewed
CVE-2012-0955
was published
Apr 23, 2022
An exploitable vulnerability exists in the HTTP client functionality of the Webroot BrightCloud...
High
Unreviewed
CVE-2018-4015
was published
May 13, 2022
A vulnerability in the Secure Sockets Layer (SSL) Virtual Private Network (VPN) Client...
High
Unreviewed
CVE-2018-0227
was published
May 13, 2022
Accepting arbitrary Subject Alternative Name (SAN) types, unless a PKI is specifically defined to...
High
Unreviewed
CVE-2021-44531
was published
Feb 25, 2022
Due to the Asset Explorer agent not validating HTTPS certificates, an attacker on the network can...
High
Unreviewed
CVE-2021-20109
was published
May 24, 2022
Multiple vulnerabilities vulnerability in Drupal SAML SP 2.0 Single Sign On (SSO) - SAML Service...
High
Unreviewed
CVE-2022-26493
was published
Jun 4, 2022
Dell BSAFE Micro Edition Suite, versions prior to 4.5.1, contain an Improper Certificate...
High
Unreviewed
CVE-2020-26184
was published
Jun 2, 2022
Information disclosure due to an insecure hostname validation in the RYDE application 5.8.43 for...
High
Unreviewed
CVE-2022-42979
was published
Jan 6, 2023
The CMS installer in Joomla! before 3.7.4 does not verify a user's ownership of a webspace, which...
High
Unreviewed
CVE-2017-11364
was published
May 17, 2022
Splunk Enterprise peers in Splunk Enterprise versions before 9.0 and Splunk Cloud Platform...
High
Unreviewed
CVE-2022-32153
was published
Jun 16, 2022
Splunk Enterprise peers in Splunk Enterprise versions before 9.0 and Splunk Cloud Platform...
High
Unreviewed
CVE-2022-32152
was published
Jun 16, 2022
Microsoft Lync for Mac 2011 fails to properly validate certificates, allowing remote attackers to...
High
Unreviewed
CVE-2017-0129
was published
May 17, 2022
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. The issue...
High
Unreviewed
CVE-2017-2498
was published
May 17, 2022
Pulp before 2.3.0 uses the same the same certificate authority key and certificate for all...
High
Unreviewed
CVE-2013-7450
was published
May 17, 2022
In Lenovo Service Bridge before version 4, a bug found in the signature verification logic of the...
High
Unreviewed
CVE-2016-8231
was published
May 17, 2022
WebSocket.swift in Starscream before 2.0.4 allows an SSL Pinning bypass because of incorrect...
High
Unreviewed
CVE-2017-7192
was published
May 17, 2022
Shoplat App for iOS 1.10.00 through 1.18.00 does not properly verify SSL certificates.
High
Unreviewed
CVE-2016-1132
was published
May 17, 2022
Late TLS certificate verification in WebKitGTK+ prior to 2.6.6 allows remote attackers to view a...
High
Unreviewed
CVE-2015-2330
was published
May 17, 2022
Acceptance of invalid/self-signed TLS certificates in "Foxit PDF - PDF reader, editor, form,...
High
Unreviewed
CVE-2017-8059
was published
May 17, 2022
WebSocket.swift in Starscream before 2.0.4 allows an SSL Pinning bypass because pinning occurs in...
High
Unreviewed
CVE-2017-5887
was published
May 17, 2022
When connecting to Amazon Workspaces, the SHA256 presented by AWS connection provisioner is not...
High
Unreviewed
CVE-2022-1805
was published
Jul 29, 2022
IBM QRadar SIEM 7.3, 7.4, and 7.5 does not preform proper certificate validation for some inter...
High
Unreviewed
CVE-2021-29755
was published
Jul 21, 2022
A vulnerability in the SSL/TLS implementation of Cisco Nexus Dashboard could allow an...
High
Unreviewed
CVE-2022-20860
was published
Jul 22, 2022
ProTip!
Advisories are also available from the
GraphQL API