GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,239
Erlang
31
GitHub Actions
21
Go
2,007
Maven
5,000+
npm
3,716
NuGet
662
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
194 advisories
Filter by severity
python-scciclient vulnerable to Man-in-the-middle (MITM) attacks
Critical
CVE-2022-2996
was published
for
python-scciclient
(pip)
Sep 2, 2022
Keycloak mTLS Authentication Bypass via Reverse Proxy TLS Termination
High
CVE-2024-10039
was published
for
org.keycloak:keycloak-core
(Maven)
Nov 25, 2024
Python Twisted trustRoot is not respected in HTTP client
High
CVE-2014-7143
was published
for
twisted
(pip)
Dec 17, 2019
Improper Certificate Validation in Twisted
Critical
CVE-2019-12855
was published
for
twisted
(pip)
Aug 16, 2019
Urllib3 Incorrect Certificate Validation
Moderate
CVE-2016-9015
was published
for
urllib3
(pip)
May 17, 2022
Using default SSLContext for HTTPS requests in an HTTPS proxy doesn't verify certificate hostname for proxy connection
Moderate
CVE-2021-28363
was published
for
urllib3
(pip)
Mar 19, 2021
Improper Certificate Validation in urllib3
High
CVE-2019-11324
was published
for
urllib3
(pip)
Apr 19, 2019
HTTPie allows attackers to eavesdrop on communications between the host and server via a man-in-the-middle attack
Critical
CVE-2023-48052
was published
for
httpie
(pip)
Nov 16, 2023
Improper certificate management in AWS IoT Device SDK v2
High
CVE-2021-40829
was published
for
aws-iot-device-sdk-v2
(Maven)
Nov 24, 2021
Improper certificate management in AWS IoT Device SDK v2
High
CVE-2021-40831
was published
for
aws-iot-device-sdk-v2
(Maven)
Nov 24, 2021
Improper certificate management in AWS IoT Device SDK v2
High
CVE-2021-40830
was published
for
aws-iot-device-sdk-v2
(Maven)
Nov 24, 2021
Data leakage via cache key collision in Django
High
CVE-2020-13254
was published
for
Django
(pip)
Jun 5, 2020
Jenkins Delphix Plugin has SSL/TLS certificate validation disabled by default
Moderate
CVE-2024-28161
was published
for
org.jenkins-ci.plugins:delphix
(Maven)
Mar 6, 2024
Missing hostname validation in Kroxylicious
Moderate
CVE-2024-8285
was published
for
io.kroxylicious:kroxylicious-runtime
(Maven)
Aug 31, 2024
Jenkins Delphix Plugin has improper SSL/TLS certificate validation
Moderate
CVE-2024-28162
was published
for
org.jenkins-ci.plugins:delphix
(Maven)
Mar 6, 2024
Improper Certificate Validation in Apache Commons HttpClient
Moderate
CVE-2012-5783
was published
for
commons-httpclient:commons-httpclient
(Maven)
May 13, 2022
splunk-sdk does not properly verify untrusted TLS server certificates
Critical
CVE-2019-5729
was published
for
splunk-sdk
(pip)
Mar 25, 2019
SaltStack Salt Improper Certificate Validation
High
CVE-2020-28972
was published
for
salt
(pip)
May 24, 2022
Python Swift client is vulnerable to Missing SSL Certificate Check
Critical
CVE-2013-6396
was published
for
python-swiftclient
(pip)
May 17, 2022
Slixmpp lacks SSL Certificate hostname validation in XMLStream
High
CVE-2022-45197
was published
for
slixmpp
(pip)
Dec 25, 2022
Scalyr Agent 2 Missing SSL Certificate Validation
Critical
CVE-2020-24715
was published
for
scalyr-agent-2
(pip)
May 24, 2022
Scalyr Agent Missing SSL Certificate Validation
Critical
CVE-2020-24714
was published
for
scalyr-agent-2
(pip)
May 24, 2022
SaltStack Salt Improper SSL Certificate Validation
High
CVE-2020-35662
was published
for
salt
(pip)
May 24, 2022
Restkit Does Not Validate TLS certificates
Moderate
CVE-2015-2674
was published
for
restkit
(pip)
May 17, 2022
Salt vulnerable to Improper Certificate Validation
High
CVE-2015-4017
was published
for
salt
(pip)
May 14, 2022
ProTip!
Advisories are also available from the
GraphQL API