GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
373 advisories
A CWE-295: Improper Certificate Validation vulnerability exists that could cause the CAE software...
High, Unreviewed. CVE-2022-32748 was published Jul 6, 2023

A misconfiguration vulnerability exists in the urvpn_client functionality of Milesight UR32L v32...
High, Unreviewed. CVE-2023-23546 was published Jul 6, 2023

Keycloak vulnerable to Improper Client Certificate Validation for OAuth/OpenID clients
High. CVE-2023-2422 was published for org.keycloak:keycloak-services (Maven) Jun 30, 2023

An information disclosure vulnerability in 4D SAS 4D Server Application v17, v18, v19 R7 and...
High, Unreviewed. CVE-2023-30222 was published Jun 16, 2023

SSL/TLS certificate validation disabled by default in Jenkins Checkmarx Plugin
High. CVE-2023-35142 was published for com.checkmarx.jenkins:checkmarx (Maven) Jun 14, 2023

Cloud foundry instances having CAPI version between 1.140 and 1.152.0 along with loggregator...
High, Unreviewed. CVE-2023-20881 was published May 19, 2023

A certificate validation vulnerability exists in the Baiying Android application which could lead...
High, Unreviewed. CVE-2022-48186 was published May 1, 2023

CPAN.pm before 2.35 does not verify TLS certificates when downloading distributions over HTTPS.
High, Unreviewed. CVE-2023-31484 was published Apr 29, 2023

An improper certificate validation vulnerability [CWE-295] in FortiAnalyzer and FortiManager 7.2...
High, Unreviewed. CVE-2023-22642 was published Apr 11, 2023

A user with a compromised configuration can start an unsigned binary as a service.
High, Unreviewed. CVE-2023-28093 was published Apr 10, 2023

This vulnerability allows network-adjacent attackers to compromise the integrity of downloaded...
High, Unreviewed. CVE-2022-27644 was published Mar 29, 2023

In WorkSource, there is a possible parcel mismatch. This could lead to local escalation of...
High, Unreviewed. CVE-2023-20963 was published Mar 24, 2023

A security vulnerability has been identified in all supported versions of OpenSSL related to the...
High, Unreviewed. CVE-2023-0464 was published Mar 22, 2023

Improper Certificate Validation vulnerability in Hitachi Infrastructure Analytics Advisor on...
High, Unreviewed. CVE-2022-4895 was published Feb 28, 2023

An improper certificate validation vulnerability [CWE-295] in FortiOS 7.2.0 through 7.2.3, 7.0.0...
High, Unreviewed. CVE-2022-39948 was published Feb 16, 2023

It was discovered that the sls-logging was not verifying hostnames in TLS certificates due to a...
High, Unreviewed. CVE-2022-27890 was published Feb 16, 2023

In Apache::Session::Browseable before 1.3.6, validity of the X.509 certificate is not checked by...
High, Unreviewed. CVE-2020-36659 was published Jan 27, 2023

In Apache::Session::LDAP before 0.5, validity of the X.509 certificate is not checked by default...
High, Unreviewed. CVE-2020-36658 was published Jan 27, 2023

Improper Certificate Validation in pyload-ng
High. CVE-2023-0509 was published for pyload-ng (pip) Jan 27, 2023

jruby-openssl gem for JRuby fails to do proper certificate validation
High. CVE-2009-4123 was published for jruby-openssl (RubyGems) Jan 19, 2023

Cloud Mobility for Dell EMC Storage, versions 1.3.0.X and below contains an Improper Check for...
High, Unreviewed. CVE-2023-23690 was published Jan 19, 2023

Information disclosure due to an insecure hostname validation in the RYDE application 5.8.43 for...
High, Unreviewed. CVE-2022-42979 was published Jan 6, 2023

Slixmpp lacks SSL Certificate hostname validation in XMLStream
High. CVE-2022-45197 was published for slixmpp (pip) Dec 25, 2022

When a TLS Certificate error occurs on a domain protected by the HSTS header, the browser should...
High, Unreviewed. CVE-2022-34469 was published Dec 22, 2022

Apache Pulsar Disabled Certificate Validation for OAuth Client Credential Requests makes C++/Python Clients vulnerable to MITM attack
High. CVE-2022-33684 was published for pulsar-client (pip) Nov 4, 2022