GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
373 advisories
duplicity 0.6.24 has improper verification of SSL certificates
High | Unreviewed | CVE-2014-3495 was published May 17, 2022

wolfssl before 3.2.0 does not properly authorize CA certificate for signing other certificates.
High | Unreviewed | CVE-2014-2902 was published May 17, 2022

wolfssl before 3.2.0 does not properly issue certificates for a server's hostname.
High | Unreviewed | CVE-2014-2901 was published May 17, 2022

Apache Libcloud does not verify SSL certificates for HTTPS connections
High | CVE-2010-4340 was published for apache-libcloud (pip) May 17, 2022

OpenStack keystonemiddleware does not verify certificate
High | CVE-2014-7144 was published for keystonemiddleware (pip) May 17, 2022

OpenStack keystonemiddleware and python-keystoneclient vulnerable to man-in-the-middle attacks
High | CVE-2015-1852 was published for keystonemiddleware (pip) May 17, 2022

Shoplat App for iOS 1.10.00 through 1.18.00 does not properly verify SSL certificates.
High | Unreviewed | CVE-2016-1132 was published May 17, 2022

WebSocket.swift in Starscream before 2.0.4 allows an SSL Pinning bypass because of incorrect...
High | Unreviewed | CVE-2017-7192 was published May 17, 2022

WebSocket.swift in Starscream before 2.0.4 allows an SSL Pinning bypass because pinning occurs in...
High | Unreviewed | CVE-2017-5887 was published May 17, 2022

Pulp before 2.3.0 uses the same certificate authority key and certificate for all...
High | Unreviewed | CVE-2013-7450 was published May 17, 2022

Acceptance of invalid/self-signed TLS certificates in "Foxit PDF - PDF reader, editor, form,...
High | Unreviewed | CVE-2017-8059 was published May 17, 2022

In Lenovo Service Bridge before version 4, a bug found in the signature verification logic of the...
High | Unreviewed | CVE-2016-8231 was published May 17, 2022

Late TLS certificate verification in WebKitGTK+ prior to 2.6.6 allows remote attackers to view a...
High | Unreviewed | CVE-2015-2330 was published May 17, 2022

An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. The issue...
High | Unreviewed | CVE-2017-2498 was published May 17, 2022

Microsoft Lync for Mac 2011 fails to properly validate certificates, allowing remote attackers to...
High | Unreviewed | CVE-2017-0129 was published May 17, 2022

The CMS installer in Joomla! before 3.7.4 does not verify a user's ownership of a webspace, which...
High | Unreviewed | CVE-2017-11364 was published May 17, 2022

When linking a Nessus scanner or agent to Tenable.io or other manager, Nessus 6.x before 6.11...
High | Unreviewed | CVE-2017-11506 was published May 17, 2022

Improper Input Validation in XFire
High | CVE-2012-5817 was published for org.codehaus.xfire:xfire-core (Maven) May 17, 2022

pulp-consumer-client 2.4.0 through 2.6.3 does not check the server's TLS certificate signatures...
High | Unreviewed | CVE-2015-5263 was published May 17, 2022

Rakuten card App for iOS 5.2.0 through 5.2.4 does not verify SSL certificates which might allow...
High | Unreviewed | CVE-2015-2988 was published May 17, 2022

niconico App for iOS before 6.38 does not verify SSL certificates which could allow remote...
High | Unreviewed | CVE-2015-5639 was published May 17, 2022

In F5 BIG-IP PEM 12.1.0 through 12.1.2 when downloading the Type Allocation Code (TAC) database...
High | Unreviewed | CVE-2017-6144 was published May 17, 2022

Savitech driver packages for Windows silently install a self-signed certificate into the Trusted...
High | Unreviewed | CVE-2017-9758 was published May 17, 2022

The TLS stack in Mono before 3.12.1 makes it easier for remote attackers to conduct cipher...
High | Unreviewed | CVE-2015-2319 was published May 14, 2022

The TLS stack in Mono before 3.12.1 allows man-in-the-middle attackers to conduct message...
High | Unreviewed | CVE-2015-2318 was published May 14, 2022