GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,248
Erlang
31
GitHub Actions
21
Go
2,016
Maven
5,000+
npm
3,721
NuGet
662
pip
3,400
Pub
11
RubyGems
890
Rust
852
Swift
36
Unreviewed advisories
All unreviewed
5,000+
87 advisories
Filter by severity
Keycloak mTLS Authentication Bypass via Reverse Proxy TLS Termination
High
CVE-2024-10039
was published
for
org.keycloak:keycloak-core
(Maven)
Nov 25, 2024
Agent Dart is missing certificate verification checks
High
CVE-2024-48915
was published
for
agent_dart
(Pub)
Oct 15, 2024
Rancher agents can be hijacked by taking over the Rancher Server URL
High
CVE-2024-22030
was published
for
github.com/rancher/rancher
(Go)
Sep 26, 2024
Filestash configured to skip TLS certificate verification when using the FTPS protocol
High
CVE-2024-41255
was published
for
github.com/mickael-kerjean/filestash
(Go)
Jul 31, 2024
Beego privilege escalation vulnerability
High
CVE-2024-40464
was published
for
github.com/beego/beego/v2
(Go)
Jul 31, 2024
Filestash skips TLS certificate verification process when sending out email verification codes
High
CVE-2024-41256
was published
for
github.com/mickael-kerjean/filestash
(Go)
Jul 31, 2024
electron-updater Code Signing Bypass on Windows
High
CVE-2024-39698
was published
for
electron-updater
(npm)
Jul 9, 2024
Serverpod client accepts any certificate
High
CVE-2024-29887
was published
for
serverpod_client
(Pub)
Mar 28, 2024
Incorrect TLS certificate auth method in Vault
High
CVE-2024-2048
was published
for
github.com/hashicorp/vault
(Go)
Mar 4, 2024
Improper Certificate Validation in Apache DolphinScheduler
High
CVE-2023-49250
was published
for
org.apache.dolphinscheduler:dolphinscheduler
(Maven)
Feb 20, 2024
Boundary vulnerable to session hijacking through TLS certificate tampering
High
CVE-2024-1052
was published
for
github.com/hashicorp/boundary
(Go)
Feb 5, 2024
Missing SSL certificate validation in localstack
High
CVE-2023-48054
was published
for
localstack
(pip)
Nov 16, 2023
cryptography mishandles SSH certificates
High
CVE-2023-38325
was published
for
cryptography
(pip)
Jul 14, 2023
Keycloak vulnerable to Improper Client Certificate Validation for OAuth/OpenID clients
High
CVE-2023-2422
was published
for
org.keycloak:keycloak-services
(Maven)
Jun 30, 2023
SSL/TLS certificate validation disabled by default in Jenkins Checkmarx Plugin
High
CVE-2023-35142
was published
for
com.checkmarx.jenkins:checkmarx
(Maven)
Jun 14, 2023
Improper Certificate Validation in pyload-ng
High
CVE-2023-0509
was published
for
pyload-ng
(pip)
Jan 27, 2023
jruby-openssl gem for JRuby fails to do proper certificate validation
High
CVE-2009-4123
was published
for
jruby-openssl
(RubyGems)
Jan 19, 2023
Slixmpp lacks SSL Certificate hostname validation in XMLStream
High
CVE-2022-45197
was published
for
slixmpp
(pip)
Dec 25, 2022
Apache Pulsar Disabled Certificate Validation for OAuth Client Credential Requests makes C++/Python Clients vulnerable to MITM attack
High
CVE-2022-33684
was published
for
pulsar-client
(pip)
Nov 4, 2022
Argo CD certificate verification is skipped for connections to OIDC providers
High
CVE-2022-31105
was published
for
github.com/argoproj/argo-cd
(Go)
Jul 12, 2022
Authentication bypass vulnerability in Apple Game Center auth adapter
High
CVE-2022-31083
was published
for
parse-server
(npm)
Jun 17, 2022
SaltStack Salt Improper Certificate Validation
High
CVE-2020-28972
was published
for
salt
(pip)
May 24, 2022
SaltStack Salt Improper SSL Certificate Validation
High
CVE-2020-35662
was published
for
salt
(pip)
May 24, 2022
SSL/TLS certificate validation globally and unconditionally disabled by Jenkins WebSphere Deployer Plugin
High
CVE-2019-16561
was published
for
org.jenkins-ci.plugins:websphere-deployer
(Maven)
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API