GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 21,329
Composer 4,361
Erlang 33
GitHub Actions 22
Go 2,127
Maven 5,308
npm 3,794
NuGet 685
pip 3,473
Pub 12
RubyGems 894
Rust 894
Swift 38

Unreviewed advisories

All unreviewed 245,010

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

497 advisories

Filter by severity

Sort by

Least recently updated

QBiC CLOUD CC-2L v1.1.30 and earlier and Safie One v1.8.2 and earlier do not properly validate... Moderate Unreviewed

CVE-2024-39771 was published Aug 28, 2024

IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.8 could allow an attacker with... Moderate Unreviewed

CVE-2023-50314 was published Aug 14, 2024

IBM WebSphere Application Server 8.5 and 9.0 could allow an attacker with access to the network... Moderate Unreviewed

CVE-2023-50315 was published Aug 14, 2024

A flaw was found in libnbd. The client did not always correctly verify the NBD server's... Moderate Unreviewed

CVE-2024-7383 was published Aug 5, 2024

Under certain circumstances the exacqVision Server will not properly validate TLS certificates... Moderate Unreviewed

CVE-2024-32865 was published Aug 2, 2024

casdoor's use of`ssh.InsecureIgnoreHostKey()` disables host key verification Moderate

CVE-2024-41264 was published for github.com/casdoor/casdoor (Go) Aug 1, 2024

An issue in S3Browser v.11.4.5 and v.10.9.9 and fixed in v.11.5.7 allows a remote attacker to... Moderate Unreviewed

CVE-2024-37865 was published Jul 9, 2024

A vulnerability in Samsung Exynos Modem 5300 allows a Man-in-the-Middle (MITM) attacker to... Moderate Unreviewed

CVE-2024-28067 was published Jul 9, 2024

An improper certificate validation vulnerability [CWE-295] in FortiWeb 7.2.0 through 7.2.1, 7.0... Moderate Unreviewed

CVE-2024-33509 was published Jul 9, 2024

An improper certificate validation vulnerability [CWE-295] in FortiADC 7.4.0, 7.2 all versions, 7... Moderate Unreviewed

CVE-2023-50179 was published Jul 9, 2024

IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, and 12.0.2 is... Moderate Unreviewed

CVE-2024-25053 was published Jun 29, 2024

In JetBrains YouTrack before 2024.1.29548 the SMTPS protocol communication lacked proper... Moderate Unreviewed

CVE-2024-35299 was published May 16, 2024

An improper certificate validation vulnerability exists in BIG-IP Next Central Manager and may... Moderate Unreviewed

CVE-2024-33612 was published May 8, 2024

In TBD of TBD, there is a possible confusion of OEM and DRM certificates due to improperly used... Moderate Unreviewed

CVE-2024-0042 was published May 7, 2024

IBM QRadar SIEM 7.5 could allow an unauthorized user to perform unauthorized actions due to... Moderate Unreviewed

CVE-2023-50949 was published Apr 11, 2024

The Toyoko Inn official App for iOS versions prior to 1.13.0 and Toyoko Inn official App for... Moderate Unreviewed

CVE-2024-27440 was published Mar 13, 2024

This issue was addressed through improved state management. This issue is fixed in Safari 17.4,... Moderate Unreviewed

CVE-2024-23273 was published Mar 8, 2024

Jenkins Delphix Plugin has improper SSL/TLS certificate validation Moderate

CVE-2024-28162 was published for org.jenkins-ci.plugins:delphix (Maven) Mar 6, 2024

Jenkins Delphix Plugin has SSL/TLS certificate validation disabled by default Moderate

CVE-2024-28161 was published for org.jenkins-ci.plugins:delphix (Maven) Mar 6, 2024

IBM QRadar Suite Products 1.10.12.0 through 1.10.18.0 and IBM Cloud Pak for Security 1.10.0.0... Moderate Unreviewed

CVE-2023-47742 was published Mar 3, 2024

An improper certificate validation vulnerability in Fortinet FortiOS 7.0.0 - 7.0.13, 7.2.0 - 7.2... Moderate Unreviewed

CVE-2023-47537 was published Feb 15, 2024

IBM SAN Volume Controller, IBM Storwize, IBM FlashSystem and IBM Storage Virtualize 8.6 products... Moderate Unreviewed

CVE-2023-47700 was published Feb 7, 2024

curl inadvertently kept the SSL session ID for connections in its cache even when the verify... Moderate Unreviewed

CVE-2024-0853 was published Feb 3, 2024

In Zscaler Internet Access (ZIA) a mismatch between Connect Host and Client Hello's Server Name... Moderate Unreviewed

CVE-2023-28807 was published Jan 31, 2024

A lack of SSL certificate validation in Splicecom iPCS (iOS App) v1.3.4, iPCS2 (iOS App) v2.8 and... Moderate Unreviewed

CVE-2023-33757 was published Jan 25, 2024

Previous 1 2 3 4 5 … 19 20 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

497 advisories