Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,239
Erlang
31
GitHub Actions
21
Go
2,007
Maven
5,000+
npm
3,716
NuGet
662
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+

487 advisories

Loading
Anaconda 3 2023.03-1-Linux allows local users to disrupt TLS certificate validation by modifying... Moderate Unreviewed
CVE-2023-35845 was published Sep 11, 2023
Incorrect certificate validation in InvokeHTTP on Apache NiFi MiNiFi C++ versions 0.13 to 0.14... Moderate Unreviewed
CVE-2023-41180 was published Sep 3, 2023
An improper certificate validation vulnerability [CWE-295] in FortiManager 7.0.1 and below, 6.4.6... Moderate Unreviewed
CVE-2022-22305 was published Sep 1, 2023
Apache Airflow missing Certificate Validation Moderate
CVE-2023-39441 was published for apache-airflow (pip) Aug 23, 2023
sunSUNQ
An improper certificate validation vulnerability exists in the BIG-IP Edge Client for Windows... Moderate Unreviewed
CVE-2023-24461 was published Jul 6, 2023
Bouncy Castle For Java LDAP injection vulnerability Moderate
CVE-2023-33201 was published for org.bouncycastle:bcprov-debug-jdk14 (Maven) Jul 5, 2023
pavelarnost
Keycloak Untrusted Certificate Validation vulnerability Moderate
CVE-2023-1664 was published for org.keycloak:keycloak-core (Maven) Jun 30, 2023
Jiyu Kukan Toku-Toku coupon App for iOS versions 3.5.0 and earlier, and Jiyu Kukan Toku-Toku... Moderate Unreviewed
CVE-2023-29501 was published Jun 13, 2023
An improper certificate validation vulnerability [CWE-295] in FortiOS 6.2 all versions, 6.4 all... Moderate Unreviewed
CVE-2023-29175 was published Jun 13, 2023
An issue was discovered in Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6... Moderate Unreviewed
CVE-2023-34410 was published Jun 5, 2023
OCSP revocation status of recipient certificates was not checked when sending S/Mime encrypted... Moderate Unreviewed
CVE-2023-0547 was published Jun 2, 2023
Certificate OCSP revocation status was not checked when verifying S/Mime signatures. Mail signed... Moderate Unreviewed
CVE-2023-0430 was published Jun 2, 2023
Dell NetWorker, contains an Improper Validation of Certificate with Host Mismatch vulnerability... Moderate Unreviewed
CVE-2023-24568 was published May 30, 2023
An improper certificate validation vulnerability exists in curl <v8.1.0 in the way it supports... Moderate Unreviewed
CVE-2023-28321 was published May 26, 2023
Duplicate Advisory: Keycloak vulnerable to untrusted certificate validation Moderate
GHSA-c892-cwq6-qrqf was published for org.keycloak:keycloak-core (Maven) May 26, 2023 withdrawn
Sensitive information disclosure and manipulation due to improper certification validation. The... Moderate Unreviewed
CVE-2022-45457 was published May 18, 2023
Sensitive information disclosure and manipulation due to improper certification validation. The... Moderate Unreviewed
CVE-2022-45458 was published May 18, 2023
Jenkins SAML Single Sign On(SSO) Plugin unconditionally disables SSL/TLS certificate validation Moderate
CVE-2023-32994 was published for io.jenkins.plugins:miniorange-saml-sp (Maven) May 16, 2023
in-toto: PGP trust model not (fully) considered Moderate
GHSA-jjgp-whrp-gq8m was published for in-toto (pip) May 11, 2023
An Improper Certificate Validation vulnerability in the Schweitzer Engineering Laboratories... Moderate Unreviewed
CVE-2023-31151 was published May 10, 2023
Improper following of a certificate's chain of trust exists in SkyBridge MB-A200 firmware Ver. 01... Moderate Unreviewed
CVE-2023-23901 was published May 10, 2023
IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0, and IBM WebSphere Application Server Liberty... Moderate Unreviewed
CVE-2022-39161 was published May 3, 2023
GitLab::API::v4 through 0.26 does not verify TLS certificates when connecting to a GitLab server,... Moderate Unreviewed
CVE-2023-31485 was published Apr 29, 2023
Jenkins NeuVector Vulnerability Scanner Plugin disables SSL/TLS certificate and hostname validation Moderate
CVE-2023-30517 was published for io.jenkins.plugins:neuvector-vulnerability-scanner (Maven) Apr 12, 2023
Jenkins Image Tag Parameter Plugin improperly introduces option to opt out of SSL/TLS certificate validation Moderate
CVE-2023-30516 was published for org.jenkins-ci.plugins:image-tag-parameter (Maven) Apr 12, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database