Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
20
Go
2,000
Maven
5,000+
npm
3,711
NuGet
661
pip
3,383
Pub
11
RubyGems
885
Rust
849
Swift
36
Unreviewed advisories
All unreviewed
5,000+

959 advisories

Loading
An exploitable vulnerability exists in the filtering functionality of Circle with Disney. SSL... Moderate Unreviewed
CVE-2017-2913 was published May 13, 2022
Improper Certificate Handling Moderate
CVE-2020-9321 was published for github.com/traefik/traefik (Go) Sep 2, 2021
avivdolev
Improper Certificate Validation in OkHttp Moderate
CVE-2016-2402 was published for com.squareup.okhttp3:okhttp (Maven) May 13, 2022
Improper Certificate Validation in Shibboleth Identity Provider and OpenSAML Moderate
CVE-2015-1796 was published for edu.internet2.middleware:shibboleth-identityprovider (Maven) May 17, 2022
An exploitable vulnerability exists in the HTTP client functionality of the Webroot BrightCloud... High Unreviewed
CVE-2018-4015 was published May 13, 2022
A vulnerability in the Secure Sockets Layer (SSL) Virtual Private Network (VPN) Client... High Unreviewed
CVE-2018-0227 was published May 13, 2022
Improper Certificate Validation in Jenkins Moderate
CVE-2017-1000396 was published for org.jenkins-ci.main:jenkins-core (Maven) May 14, 2022
"Vault and Vault Enterprise 1.8.0 through 1.8.8, and 1.9.3 allowed the PKI secrets engine under... Moderate Unreviewed
CVE-2022-25243 was published Mar 11, 2022
Node.js < 12.22.9, < 14.18.3, < 16.13.2, and < 17.3.1 converts SANs (Subject Alternative Names)... Moderate Unreviewed
CVE-2021-44532 was published Feb 25, 2022
In spring cloud gateway versions prior to 3.1.1+ , applications that are configured to enable... Moderate Unreviewed
CVE-2022-22946 was published Mar 5, 2022
Skip the router TLS configuration when the host header is an FQDN High
CVE-2022-23632 was published for github.com/traefik/traefik/v2 (Go) Feb 16, 2022
bawolff
Oracle MySQL before 5.7.3, Oracle MySQL Connector/C (aka libmysqlclient) before 6.1.3, and... Moderate Unreviewed
CVE-2015-3152 was published May 14, 2022
An issue was discovered in Keyfactor PrimeKey EJBCA before 7.9.0, related to possible... Critical Unreviewed
CVE-2022-34831 was published Sep 15, 2022
A certificate parsing issue was addressed with improved checks. This issue is fixed in tvOS 15.5,... Moderate Unreviewed
CVE-2022-26766 was published May 27, 2022
An issue was discovered in ssl.c in Axel before 2.17.8. The TLS implementation lacks hostname... Moderate Unreviewed
CVE-2020-13614 was published May 24, 2022
An issue was discovered in Octopus Deploy 3.4. A deployment target can be configured with an... Moderate Unreviewed
CVE-2020-16197 was published May 24, 2022
Dell EMC NetWorker versions 19.1.x, 19.1.0.x, 19.1.1.x, 19.2.x, 19.2.0.x, 19.2.1.x 19.3.x, 19.3.0... Moderate Unreviewed
CVE-2022-29082 was published May 27, 2022
Accepting arbitrary Subject Alternative Name (SAN) types, unless a PKI is specifically defined to... High Unreviewed
CVE-2021-44531 was published Feb 25, 2022
Due to the Asset Explorer agent not validating HTTPS certificates, an attacker on the network can... High Unreviewed
CVE-2021-20109 was published May 24, 2022
Due to Manage Engine Asset Explorer Agent 1.0.34 not validating HTTPS certificates, an attacker... Critical Unreviewed
CVE-2021-20110 was published May 24, 2022
An issue was discovered in Pidgin before 2.14.9. A remote attacker who can spoof DNS responses... Moderate Unreviewed
CVE-2022-26491 was published Jun 3, 2022
In Splunk Enterprise and Universal Forwarder versions before 9.0, the Splunk command-line... Critical Unreviewed
CVE-2022-32156 was published Jun 16, 2022
Devolutions Server before 2021.1.18, and LTS before 2020.3.20, allows attackers to intercept... Moderate Unreviewed
CVE-2021-36382 was published May 24, 2022
Multiple vulnerabilities vulnerability in Drupal SAML SP 2.0 Single Sign On (SSO) - SAML Service... High Unreviewed
CVE-2022-26493 was published Jun 4, 2022
The crypto/tls package of Go through 1.16.5 does not properly assert that the type of public key... Moderate Unreviewed
CVE-2021-34558 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database