Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,238
Erlang
31
GitHub Actions
21
Go
2,005
Maven
5,000+
npm
3,716
NuGet
661
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+

373 advisories

Loading
Jenkins Active Directory Plugin did not verify certificate of AD server High
CVE-2017-2649 was published for org.jenkins-ci.plugins:active-directory (Maven) May 13, 2022
It was found that CloudForms does not verify that the server hostname matches the domain name in... High Unreviewed
CVE-2017-2639 was published May 13, 2022
hammer_cli_foreman Improper Certificate Validation vulnerability High
CVE-2017-2667 was published for hammer_cli_foreman (RubyGems) May 13, 2022
Flash Seats Mobile App for Android version 1.7.9 and earlier and for iOS version 1.9.51 and... High Unreviewed
CVE-2017-3190 was published May 13, 2022
In curl and libcurl 7.52.0 to and including 7.53.1, libcurl would attempt to resume a TLS session... High Unreviewed
CVE-2017-7468 was published May 13, 2022
A vulnerability in the Secure Sockets Layer (SSL) Virtual Private Network (VPN) Client... High Unreviewed
CVE-2018-0227 was published May 13, 2022
A vulnerability in the Extensible Authentication Protocol-Transport Layer Security (EAP-TLS)... High Unreviewed
CVE-2018-0277 was published May 13, 2022
A vulnerability in the Zero Touch Provisioning feature of the Cisco SD-WAN Solution could allow... High Unreviewed
CVE-2018-0434 was published May 13, 2022
Fixed issues with NetIQ eDirectory prior to 9.1.1 when checking certificate revocation. High Unreviewed
CVE-2018-12461 was published May 13, 2022
Dell Networking OS10 versions prior to 10.4.3.0 contain a vulnerability in the Phone Home feature... High Unreviewed
CVE-2018-15784 was published May 13, 2022
IBM Security Guardium EcoSystem 10.5 does not validate, or incorrectly validates, a certificate... High Unreviewed
CVE-2018-1509 was published May 13, 2022
A vulnerability has been identified in Siveillance VMS Video for Android (All versions < V12.1a ... High Unreviewed
CVE-2018-4849 was published May 13, 2022
Philips IntelliSpace Portal all versions of 8.0.x, and 7.0.x have an SSL incorrect hostname... High Unreviewed
CVE-2018-5462 was published May 13, 2022
Philips IntelliSpace Portal all versions of 8.0.x, and 7.0.x have a self-signed SSL certificate... High Unreviewed
CVE-2018-5466 was published May 13, 2022
Philips IntelliSpace Portal all versions of 8.0.x, and 7.0.x have an untrusted SSL certificate... High Unreviewed
CVE-2018-5464 was published May 13, 2022
Jenkins Active Directory Plugin Improper certificate validation with StartTLS High
CVE-2019-1003009 was published for org.jenkins-ci.plugins:active-directory (Maven) May 13, 2022
A vulnerability in the Identity Services Engine (ISE) integration feature of Cisco Prime... High Unreviewed
CVE-2019-1659 was published May 13, 2022
A vulnerability in the Cisco Network Plug-and-Play (PnP) agent of Cisco IOS Software and Cisco... High Unreviewed
CVE-2019-1748 was published May 13, 2022
A vulnerability in the certificate handling component of the Cisco SPA112, SPA525, and SPA5X5... High Unreviewed
CVE-2019-1683 was published May 13, 2022
The (1) update and (2) package-installation features in MODX Revolution 2.5.4-pl and earlier do... High Unreviewed
CVE-2017-7322 was published May 13, 2022
When using an OCSP responder Apache Tomcat Native 1.2.0 to 1.2.16 and 1.1.23 to 1.1.34 did not... High Unreviewed
CVE-2018-8019 was published May 13, 2022
Akerun - Smart Lock Robot App for iOS before 1.2.4 does not verify SSL certificates. High Unreviewed
CVE-2016-1148 was published May 13, 2022
Busybox contains a Missing SSL certificate validation vulnerability in The "busybox wget" applet... High Unreviewed
CVE-2018-1000500 was published May 13, 2022
ARM mbedTLS version 2.7.0 and earlier contains a Ciphersuite Allows Incorrectly Signed... High Unreviewed
CVE-2018-1000520 was published May 13, 2022
libvirt version 2.3.0 and later is vulnerable to a bad default configuration of "verify-peer=no"... High Unreviewed
CVE-2017-1000256 was published May 13, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database