GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
373 advisories
A flaw was found in stunnel before 5.57, where it improperly validates client certificates when...
High | Unreviewed | CVE-2021-20230 was published May 24, 2022
core/imap/MCIMAPSession.cpp in Canary Mail before 3.22 has Missing SSL Certificate Validation for...
High | Unreviewed | CVE-2021-26911 was published May 24, 2022
In verifyHostName of OkHostnameVerifier.java, there is a possible way to accept a certificate for...
High | Unreviewed | CVE-2021-0341 was published May 24, 2022
packages/wekan-ldap/server/ldap.js in Wekan before 4.87 can process connections even though they...
High | Unreviewed | CVE-2021-3309 was published May 24, 2022
An issue was discovered in Erlang/OTP before 23.2.2. The ssl application 10.2 accepts and trusts...
High | Unreviewed | CVE-2020-35733 was published May 24, 2022
Ptarmigan before 0.2.3 lacks API token validation, e.g., an "if (token === apiToken) {return true...
High | Unreviewed | CVE-2019-16281 was published May 24, 2022
Backblaze for Windows before 7.0.1.433 and Backblaze for macOS before 7.0.1.434 suffer from...
High | Unreviewed | CVE-2020-8289 was published May 24, 2022
curl 7.41.0 through 7.73.0 is vulnerable to an improper check for certificate revocation due to...
High | Unreviewed | CVE-2020-8286 was published May 24, 2022
Missing validation of server certificates for out-going connections in Nextcloud Social < 0.4.0...
High | Unreviewed | CVE-2020-8279 was published May 24, 2022
Go before 1.14.12 and 1.15.x before 1.15.4 allows Denial of Service.
High | Unreviewed | CVE-2020-28362 was published May 24, 2022
A vulnerability in the Pulse Secure Desktop Client < 9.1R9 could allow the attacker to perform a...
High | Unreviewed | CVE-2020-8241 was published May 24, 2022
In Network Security Services before 3.44, a malformed Netscape Certificate Sequence can cause NSS...
High | Unreviewed | CVE-2019-17007 was published May 24, 2022
VMware vCenter Server (6.7 before 6.7u3, 6.6 before 6.5u3k) contains a session hijack...
High | Unreviewed | CVE-2020-3994 was published May 24, 2022
When Security Assertion Markup Language (SAML) authentication is enabled, Juniper Networks Mist...
High | Unreviewed | CVE-2020-1675 was published May 24, 2022
In rfb/CSecurityTLS.cxx and rfb/CSecurityTLS.java in TigerVNC before 1.11.0, viewers mishandle...
High | Unreviewed | CVE-2020-26117 was published May 24, 2022
An incomplete SSL server certification validation vulnerability in the Trend Micro Security 2019 ...
High | Unreviewed | CVE-2020-15604 was published May 24, 2022
In versions 15.0.0-15.1.0.1, 14.1.0-14.1.2.3, 13.1.0-13.1.3.4, 12.1.0-12.1.5.1, and 11.6.1-11.6.5...
High | Unreviewed | CVE-2020-5913 was published May 24, 2022
** DISPUTED ** An issue was discovered in RIPE NCC RPKI Validator 3.x through 3.1-2020.07.06.14...
High | Unreviewed | CVE-2020-16164 was published May 24, 2022
libldap in certain third-party OpenLDAP packages has a certificate-validation flaw when the third...
High | Unreviewed | CVE-2020-15719 was published May 24, 2022
A security feature bypass vulnerability exists in Microsoft Windows when the Task Scheduler...
High | Unreviewed | CVE-2020-1113 was published May 24, 2022
GnuTLS before 3.3.13 does not validate that the signature algorithms match when importing a...
High | Unreviewed | CVE-2015-0294 was published May 24, 2022
The NTV News24 prior to Ver.3.0.0 does not verify X.509 certificates from SSL servers, which...
High | Unreviewed | CVE-2019-6032 was published May 24, 2022
SSL/TLS certificate validation globally and unconditionally disabled by Jenkins WebSphere Deployer Plugin
High | CVE-2019-16561 was published for org.jenkins-ci.plugins:websphere-deployer (Maven) May 24, 2022
Improper Certificate Validation in Jenkins Spira Importer Plugin
High | CVE-2019-16558 was published for com.inflectra.spiratest.plugins:inflectra-spira-integration (Maven) May 24, 2022
A vulnerability, in The ReportsTrustManager class of Brocade SANnav versions before v2.0, could...
High | Unreviewed | CVE-2019-16209 was published May 24, 2022