GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
765 advisories
Improper validation of the cloud certificate chain in Mobile Client allows man-in-the-middle...
Moderate | Unreviewed | CVE-2021-23155 was published Nov 19, 2021
Affected versions of CODESYS Git in Versions prior to V1.1.0.0 lack certificate validation in...
High | Unreviewed | CVE-2021-34599 was published Dec 2, 2021
Missing SSL Certificate Validation issue exists in Pluck 4.7.15 in update_applet.php, which could...
Moderate | Unreviewed | CVE-2021-31747 was published Dec 11, 2021
The IBM Spectrum Protect Plus 10.1.0.0 through 10.1.8.x server connection to an IBM Spectrum...
Moderate | Unreviewed | CVE-2020-4496 was published Dec 14, 2021
A vulnerability has been identified in SINUMERIK Edge (All versions < V3.2). The affected...
High | Unreviewed | CVE-2021-42027 was published Dec 15, 2021
Microsoft Defender for IoT Remote Code Execution Vulnerability This CVE ID is unique from CVE...
Critical | Unreviewed | CVE-2021-43882 was published Dec 16, 2021
e2guardian v5.4.x <= v5.4.3r is affected by missing SSL certificate validation in the SSL MITM...
High | Unreviewed | CVE-2021-44273 was published Dec 24, 2021
Windows Certificate Spoofing Vulnerability.
High | Unreviewed | CVE-2022-21836 was published Jan 12, 2022
An Improper Certificate Validation weakness in the Juniper Networks Junos OS allows an attacker...
High | Unreviewed | CVE-2022-22156 was published Jan 20, 2022
A misconfiguration exists in the MQTTS functionality of Sealevel Systems, Inc. SeaConnect 370W v1...
High | Unreviewed | CVE-2021-21959 was published Feb 10, 2022
Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers...
High | Unreviewed | CVE-2022-20703 was published Feb 11, 2022
A CWE-295: Improper Certificate Validation vulnerability exists that could allow a Man-in...
Moderate | Unreviewed | CVE-2022-24320 was published Feb 11, 2022
A CWE-295: Improper Certificate Validation vulnerability exists that could allow a Man-in...
Moderate | Unreviewed | CVE-2022-24319 was published Feb 11, 2022
In Preloader XFLASH, there is a possible escalation of privilege due to an improper certificate...
Moderate | Unreviewed | CVE-2022-20034 was published Feb 11, 2022
Pexip Infinity Connect before 1.8.0 mishandles TLS certificate validation. The allow list is not...
Critical | Unreviewed | CVE-2021-29656 was published Feb 19, 2022
Accepting arbitrary Subject Alternative Name (SAN) types, unless a PKI is specifically defined to...
High | Unreviewed | CVE-2021-44531 was published Feb 25, 2022
Node.js < 12.22.9, < 14.18.3, < 16.13.2, and < 17.3.1 converts SANs (Subject Alternative Names)...
Moderate | Unreviewed | CVE-2021-44532 was published Feb 25, 2022
In wolfSSL before 5.2.0, certificate validation may be bypassed during attempted authentication...
Moderate | Unreviewed | CVE-2022-25638 was published Feb 25, 2022
LibreOffice supports digital signatures of ODF documents and macros within documents, presenting...
High | Unreviewed | CVE-2021-25636 was published Feb 25, 2022
In Spring Cloud Gateway versions prior to 3.1.1+, applications that are configured to enable...
Moderate | Unreviewed | CVE-2022-22946 was published Mar 5, 2022
A vulnerability has been identified in RUGGEDCOM ROS M2100 (All versions < V5.6.0), RUGGEDCOM ROS...
Moderate | Unreviewed | CVE-2021-42017 was published Mar 9, 2022
"Vault and Vault Enterprise 1.8.0 through 1.8.8, and 1.9.3 allowed the PKI secrets engine under...
Moderate | Unreviewed | CVE-2022-25243 was published Mar 11, 2022
Improper check for certificate revocation in i-FILTER Ver.10.45R01 and earlier, i-FILTER Ver.9...
Moderate | Unreviewed | CVE-2022-21170 was published Mar 11, 2022
A flaw was found in Cockpit in versions prior to 260 in the way it handles the certificate...
High | Unreviewed | CVE-2021-3698 was published Mar 11, 2022
ALPACA is an application layer protocol content confusion attack, exploiting TLS servers...
High | Unreviewed | CVE-2021-3618 was published Mar 24, 2022