Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,239
Erlang
31
GitHub Actions
21
Go
2,007
Maven
5,000+
npm
3,716
NuGet
662
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+

373 advisories

Loading
Agent Dart is missing certificate verification checks High
CVE-2024-48915 was published for agent_dart (Pub) Oct 15, 2024
AlexV525
Windows Secure Channel Spoofing Vulnerability High Unreviewed
CVE-2024-43550 was published Oct 8, 2024
ovirt-engine-sdk-python improper validation of hostname in x.509 certificate High
CVE-2014-0161 was published for ovirt-engine-sdk-python (pip) May 17, 2022
SSL Pinning Bypass in eWeLink Some hardware products allows local ATTACKER to Decrypt TLS... High Unreviewed
CVE-2024-7206 was published Oct 8, 2024
Yelp OSXCollector Improper Certificate Validation High
CVE-2018-10406 was published for osxcollector (pip) May 13, 2022
DroneScout ds230 Remote ID receiver from BlueMark Innovations is affected by an Improper... High Unreviewed
CVE-2023-31190 was published Jul 11, 2023
OpenStack keystonemiddleware does not verify certificate High
CVE-2014-7144 was published for keystonemiddleware (pip) May 17, 2022
OpenStack keystonemiddleware and python-keystoneclient vulnerable to man-in-the-middle attacks High
CVE-2015-1852 was published for keystonemiddleware (pip) May 17, 2022
The Planet Fitness Workouts iOS and Android mobile apps prior to version 9.8.12 (released on 2024... High Unreviewed
CVE-2024-43201 was published Sep 23, 2024
IBM Security Verify Access Appliance 10.0.0 through 10.0.7 could allow a malicious actor to... High Unreviewed
CVE-2024-31872 was published Apr 10, 2024
Anbox Management Service, in versions 1.17.0 through 1.23.0, does not validate the TLS... High Unreviewed
CVE-2024-8287 was published Sep 18, 2024
cryptography mishandles SSH certificates High
CVE-2023-38325 was published for cryptography (pip) Jul 14, 2023
alanc tiran
Improper Certificate Validation in blackduck High
CVE-2020-27589 was published for blackduck (pip) Apr 20, 2021
Apache Libcloud does not verify SSL certificates for HTTPS connections High
CVE-2010-4340 was published for apache-libcloud (pip) May 17, 2022
An improper certificate validation vulnerability in TLS certificate validation allows an attacker... High Unreviewed
CVE-2024-40714 was published Sep 7, 2024
Filestash configured to skip TLS certificate verification when using the FTPS protocol High
CVE-2024-41255 was published for github.com/mickael-kerjean/filestash (Go) Jul 31, 2024
Improper Certificate Validation in Apache Airflow High
CVE-2018-20245 was published for apache-airflow (pip) Jan 25, 2019
sunSUNQ
Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an... High Unreviewed
CVE-2024-41996 was published Aug 26, 2024
An issue was discovered on certain Nuki Home Solutions devices. Lack of certificate validation on... High Unreviewed
CVE-2022-32509 was published May 14, 2024
Improper certificate validation in Ivanti ITSM on-prem and Neurons for ITSM Versions 2023.4 and... High Unreviewed
CVE-2024-7570 was published Aug 13, 2024
Filestash skips TLS certificate verification process when sending out email verification codes High
CVE-2024-41256 was published for github.com/mickael-kerjean/filestash (Go) Jul 31, 2024
electron-updater Code Signing Bypass on Windows High
CVE-2024-39698 was published for electron-updater (npm) Jul 9, 2024
mmaietta thomas-chauchefoin-bentley-systems
eb-bsi
Beego privilege escalation vulnerability High
CVE-2024-40464 was published for github.com/beego/beego/v2 (Go) Jul 31, 2024
Certificate Validation user interface in LibreOffice allows potential vulnerability. Signed... High Unreviewed
CVE-2024-6472 was published Aug 5, 2024
In ca-certificates, there is a possible way to read encrypted TLS data due to untrusted... High Unreviewed
CVE-2023-40104 was published Feb 16, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database