GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,231
Erlang
31
GitHub Actions
20
Go
1,991
Maven
5,000+
npm
3,709
NuGet
661
pip
3,341
Pub
11
RubyGems
884
Rust
846
Swift
36
Unreviewed advisories
All unreviewed
5,000+
193 advisories
Filter by severity
Agent Dart is missing certificate verification checks
High
CVE-2024-48915
was published
for
agent_dart
(Pub)
Oct 15, 2024
Rancher agents can be hijacked by taking over the Rancher Server URL
High
CVE-2024-22030
was published
for
github.com/rancher/rancher
(Go)
Sep 26, 2024
Httpful is Missing Certificate Validation
Moderate
GHSA-gcfg-hmwx-wq5h
was published
for
nategood/httpful
(Composer)
Sep 9, 2024
Missing hostname validation in Kroxylicious
Moderate
CVE-2024-8285
was published
for
io.kroxylicious:kroxylicious-runtime
(Maven)
Aug 31, 2024
casdoor's use of`ssh.InsecureIgnoreHostKey()` disables host key verification
Moderate
CVE-2024-41264
was published
for
github.com/casdoor/casdoor
(Go)
Aug 1, 2024
Beego privilege escalation vulnerability
High
CVE-2024-40464
was published
for
github.com/beego/beego/v2
(Go)
Jul 31, 2024
Filestash skips TLS certificate verification process when sending out email verification codes
High
CVE-2024-41256
was published
for
github.com/mickael-kerjean/filestash
(Go)
Jul 31, 2024
Filestash configured to skip TLS certificate verification when using the FTPS protocol
High
CVE-2024-41255
was published
for
github.com/mickael-kerjean/filestash
(Go)
Jul 31, 2024
electron-updater Code Signing Bypass on Windows
High
CVE-2024-39698
was published
for
electron-updater
(npm)
Jul 9, 2024
Improper Certificate Validation vulnerability in Apache Airflow FTP Provider
Low
CVE-2024-29733
was published
for
apache-airflow-providers-ftp
(pip)
Apr 21, 2024
Serverpod client accepts any certificate
High
CVE-2024-29887
was published
for
serverpod_client
(Pub)
Mar 28, 2024
Jenkins Delphix Plugin has improper SSL/TLS certificate validation
Moderate
CVE-2024-28162
was published
for
org.jenkins-ci.plugins:delphix
(Maven)
Mar 6, 2024
Jenkins Delphix Plugin has SSL/TLS certificate validation disabled by default
Moderate
CVE-2024-28161
was published
for
org.jenkins-ci.plugins:delphix
(Maven)
Mar 6, 2024
Incorrect TLS certificate auth method in Vault
High
CVE-2024-2048
was published
for
github.com/hashicorp/vault
(Go)
Mar 4, 2024
Improper Certificate Validation in apache airflow mongo hook
Critical
CVE-2024-25141
was published
for
apache-airflow-providers-mongo
(pip)
Feb 20, 2024
Improper Certificate Validation in Apache DolphinScheduler
High
CVE-2023-49250
was published
for
org.apache.dolphinscheduler:dolphinscheduler
(Maven)
Feb 20, 2024
Boundary vulnerable to session hijacking through TLS certificate tampering
High
CVE-2024-1052
was published
for
github.com/hashicorp/boundary
(Go)
Feb 5, 2024
Ylianst MeshCentral Missing SSL Certificate Validation
Critical
CVE-2023-51837
was published
for
meshcentral
(npm)
Jan 30, 2024
Snowflake Connector .NET does not properly check the Certificate Revocation List (CRL)
Moderate
CVE-2023-51662
was published
for
Snowflake.Data
(NuGet)
Dec 22, 2023
Missing SSL certificate validation in localstack
High
CVE-2023-48054
was published
for
localstack
(pip)
Nov 16, 2023
HTTPie allows attackers to eavesdrop on communications between the host and server via a man-in-the-middle attack
Critical
CVE-2023-48052
was published
for
httpie
(pip)
Nov 16, 2023
light-oauth2 missing public key verification
Moderate
CVE-2023-31580
was published
for
com.networknt:light-oauth2
(Maven)
Oct 25, 2023
Withdrawn Advisory: Netty-handler does not validate host names by default
Moderate
CVE-2023-4586
was published
for
io.netty:netty-handler
(Maven)
Oct 4, 2023
•
withdrawn
Apache Airflow missing Certificate Validation
Moderate
CVE-2023-39441
was published
for
apache-airflow
(pip)
Aug 23, 2023
Sydent does not verify email server certificates
Critical
CVE-2023-38686
was published
for
matrix-sydent
(pip)
Jul 31, 2023
ProTip!
Advisories are also available from the
GraphQL API