Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,239
Erlang
31
GitHub Actions
21
Go
2,007
Maven
5,000+
npm
3,716
NuGet
662
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+

85 advisories

Loading
Cloud Foundry vulnerable to Improper Certificate Validation Moderate
CVE-2016-5016 was published for org.cloudfoundry.identity:cloudfoundry-identity-server (Maven) May 14, 2022
sunSUNQ
Improper Certificate Validation in Jenkins Moderate
CVE-2017-1000396 was published for org.jenkins-ci.main:jenkins-core (Maven) May 14, 2022
Jenkins SSH Build Agents Plugin did not verify host keys Moderate
CVE-2017-2648 was published for org.jenkins-ci.plugins:ssh-slaves (Maven) May 13, 2022
Keycloak Authentication Error Moderate
CVE-2018-10894 was published for org.keycloak:keycloak-saml-adapter-core (Maven) May 13, 2022
Improper Certificate Validation in OkHttp Moderate
CVE-2016-2402 was published for com.squareup.okhttp3:okhttp (Maven) May 13, 2022
Improper Certificate Validation in Apache Commons HttpClient Moderate
CVE-2012-5783 was published for commons-httpclient:commons-httpclient (Maven) May 13, 2022
ebickle
Improper Certificate Validation in Apache CXF Moderate
CVE-2017-5653 was published for org.apache.cxf:cxf-core (Maven) May 13, 2022
sunSUNQ
OpenStack Keystone and other components vulnerable to Improper Certificate Validation Moderate
CVE-2013-2255 was published for cinder (pip) May 5, 2022
`OCSP_basic_verify` may incorrectly verify the response signing certificate Moderate
CVE-2022-1343 was published for openssl-src (Rust) May 4, 2022
pinkforest
Apache Tomcat affected by vulnerability in TLS and SSL protocol Moderate
CVE-2009-3555 was published for org.apache.tomcat:tomcat (Maven) May 2, 2022
MarkLee131 sunSUNQ
Mercurial Improper Certificate Validation vulnerability Moderate
CVE-2010-4237 was published for mercurial (pip) Apr 21, 2022
Improper Certificate Validation in node-sass affects eZ Platform Moderate
GHSA-6v6p-g8cg-2hgg was published for ezsystems/ezplatform-admin-ui (Composer) Apr 1, 2022
SSL/TLS certificate validation globally disabled by Jenkins Proxmox Plugin Moderate
CVE-2022-28142 was published for org.jenkins-ci.plugins:proxmox (Maven) Mar 30, 2022
NotMyFault
Improper Certificate Validation in OWASP ZAP Moderate
CVE-2022-27820 was published for org.zaproxy:zap (Maven) Mar 25, 2022
Improper Validation of Certificate with Host Mismatch in mellium.im/xmpp/websocket Moderate
CVE-2022-24968 was published for mellium.im/xmpp (Go) Feb 16, 2022
moparisthebest
Duplicate Advisory: TLS certificate validation error in mellium.im/xmpp Moderate
GHSA-m658-p24x-p74r was published for mellium.im/xmpp (Go) Feb 12, 2022 withdrawn
Improper Certificate Validation in node-sass Moderate
CVE-2020-24025 was published for node-sass (npm) Feb 9, 2022
tdunlap607
Improper Certificate Validation and Improper Validation of Certificate with Host Mismatch in Keycloak Moderate
CVE-2020-1758 was published for org.keycloak:keycloak-parent (Maven) Feb 9, 2022
Improper certificate management in AWS IoT Device SDK v2 Moderate
CVE-2021-40828 was published for aws-iot-device-sdk-v2 (Maven) Nov 24, 2021
Improper Certificate Validation in OPCFoundation.NetStandard.Opc.Ua.Core Moderate
CVE-2020-29457 was published for OPCFoundation.NetStandard.Opc.Ua.Core (NuGet) Nov 19, 2021
mregen
Improper Certificate Validation in Heartland & Global Payments PHP SDK Moderate
CVE-2019-20455 was published for globalpayments/php-sdk (Composer) Oct 12, 2021
Improper Certificate Handling Moderate
CVE-2020-9321 was published for github.com/traefik/traefik (Go) Sep 2, 2021
avivdolev
Improper Certificate Validation in security-framework Moderate
CVE-2017-18588 was published for security-framework (Rust) Aug 25, 2021
Missing Authentication for Critical Function in Apache Calcite Moderate
CVE-2020-13955 was published for org.apache.calcite:calcite-core (Maven) Apr 22, 2021
Improper Certificate Validation in TweetStream Moderate
CVE-2020-24393 was published for tweetstream (RubyGems) Apr 13, 2021
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database