GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,239
Erlang
31
GitHub Actions
21
Go
2,007
Maven
5,000+
npm
3,716
NuGet
662
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
373 advisories
Filter by severity
A CWE-295: Improper Certificate Validation vulnerability exists that could cause the CAE software...
High
Unreviewed
CVE-2022-32748
was published
Jul 6, 2023
A misconfiguration vulnerability exists in the urvpn_client functionality of Milesight UR32L v32...
High
Unreviewed
CVE-2023-23546
was published
Jul 6, 2023
Keycloak vulnerable to Improper Client Certificate Validation for OAuth/OpenID clients
High
CVE-2023-2422
was published
for
org.keycloak:keycloak-services
(Maven)
Jun 30, 2023
An information disclosure vulnerability in 4D SAS 4D Server Application v17, v18, v19 R7 and...
High
Unreviewed
CVE-2023-30222
was published
Jun 16, 2023
SSL/TLS certificate validation disabled by default in Jenkins Checkmarx Plugin
High
CVE-2023-35142
was published
for
com.checkmarx.jenkins:checkmarx
(Maven)
Jun 14, 2023
Cloud foundry instances having CAPI version between 1.140 and 1.152.0 along with loggregator...
High
Unreviewed
CVE-2023-20881
was published
May 19, 2023
A certificate validation vulnerability exists in the Baiying Android application which could lead...
High
Unreviewed
CVE-2022-48186
was published
May 1, 2023
CPAN.pm before 2.35 does not verify TLS certificates when downloading distributions over HTTPS.
High
Unreviewed
CVE-2023-31484
was published
Apr 29, 2023
An improper certificate validation vulnerability [CWE-295] in FortiAnalyzer and FortiManager 7.2...
High
Unreviewed
CVE-2023-22642
was published
Apr 11, 2023
A user with a compromised configuration can start an unsigned binary as a service.
High
Unreviewed
CVE-2023-28093
was published
Apr 10, 2023
This vulnerability allows network-adjacent attackers to compromise the integrity of downloaded...
High
Unreviewed
CVE-2022-27644
was published
Mar 29, 2023
In WorkSource, there is a possible parcel mismatch. This could lead to local escalation of...
High
Unreviewed
CVE-2023-20963
was published
Mar 24, 2023
A security vulnerability has been identified in all supported versions of OpenSSL related to the...
High
Unreviewed
CVE-2023-0464
was published
Mar 22, 2023
Improper Certificate Validation vulnerability in Hitachi Infrastructure Analytics Advisor on...
High
Unreviewed
CVE-2022-4895
was published
Feb 28, 2023
An improper certificate validation vulnerability [CWE-295] in FortiOS 7.2.0 through 7.2.3, 7.0.0...
High
Unreviewed
CVE-2022-39948
was published
Feb 16, 2023
It was discovered that the sls-logging was not verifying hostnames in TLS certificates due to a...
High
Unreviewed
CVE-2022-27890
was published
Feb 16, 2023
In Apache::Session::LDAP before 0.5, validity of the X.509 certificate is not checked by default...
High
Unreviewed
CVE-2020-36658
was published
Jan 27, 2023
In Apache::Session::Browseable before 1.3.6, validity of the X.509 certificate is not checked by...
High
Unreviewed
CVE-2020-36659
was published
Jan 27, 2023
Improper Certificate Validation in pyload-ng
High
CVE-2023-0509
was published
for
pyload-ng
(pip)
Jan 27, 2023
jruby-openssl gem for JRuby fails to do proper certificate validation
High
CVE-2009-4123
was published
for
jruby-openssl
(RubyGems)
Jan 19, 2023
Cloud Mobility for Dell EMC Storage, versions 1.3.0.X and below contains an Improper Check for...
High
Unreviewed
CVE-2023-23690
was published
Jan 19, 2023
Information disclosure due to an insecure hostname validation in the RYDE application 5.8.43 for...
High
Unreviewed
CVE-2022-42979
was published
Jan 6, 2023
Slixmpp lacks SSL Certificate hostname validation in XMLStream
High
CVE-2022-45197
was published
for
slixmpp
(pip)
Dec 25, 2022
When a TLS Certificate error occurs on a domain protected by the HSTS header, the browser should...
High
Unreviewed
CVE-2022-34469
was published
Dec 22, 2022
Apache Pulsar Disabled Certificate Validation for OAuth Client Credential Requests makes C++/Python Clients vulnerable to MITM attack
High
CVE-2022-33684
was published
for
pulsar-client
(pip)
Nov 4, 2022
ProTip!
Advisories are also available from the
GraphQL API