GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
487 advisories
Apache Tomcat affected by vulnerability in TLS and SSL protocol
CVE-2009-3555 (Moderate) was published for org.apache.tomcat:tomcat (Maven) on May 2, 2022

The _gnutls_x509_verify_certificate function in lib/x509/verify.c in libgnutls in GnuTLS before 2...
CVE-2008-4989 (Moderate, Unreviewed) was published on May 14, 2022

In Splunk Add-on Builder (AoB) versions below 4.1.2 and the Splunk CloudConnect SDK versions...
CVE-2023-22943 (Moderate, Unreviewed) was published on Feb 14, 2023

An improper certificate validation vulnerability in Fortinet FortiOS 7.0.0 - 7.0.13, 7.2.0 - 7.2...
CVE-2023-47537 (Moderate, Unreviewed) was published on Feb 15, 2024

The Chase mobile banking application for Android does not verify that the server hostname matches...
CVE-2012-5810 (Moderate, Unreviewed) was published on May 17, 2022

Improper Certificate Validation in MongoDB
CVE-2021-20328 (Moderate) was published for org.mongodb:mongo-java-driver (Maven) on May 24, 2022

The LDAP client on Microsoft Windows 2000 before Update Rollup 1 for SP4 accepts certificates...
CVE-2005-3170 (Moderate, Unreviewed) was published on May 1, 2022

SpliceCom Maximiser Soft PBX v1.5 and before was discovered to utilize a default SSL certificate....
CVE-2023-33760 (Moderate, Unreviewed) was published on Jan 25, 2024

A lack of SSL certificate validation in Splicecom iPCS (iOS App) v1.3.4, iPCS2 (iOS App) v2.8 and...
CVE-2023-33757 (Moderate, Unreviewed) was published on Jan 25, 2024

Lynx does not verify that the server's certificate is signed by a trusted certification authority...
CVE-2012-5821 (Moderate, Unreviewed) was published on May 17, 2022

The SSLVerifySignedServerKeyExchange function in libsecurity_ssl/lib/sslKeyExchange.c in the...
CVE-2014-1266 (Moderate, Unreviewed) was published on May 14, 2022

Opera before 10.00 does not check all intermediate X.509 certificates for revocation, which makes...
CVE-2009-3046 (Moderate, Unreviewed) was published on May 2, 2022

The Certificate Trust Policy component in Apple Mac OS X before 10.6.8 does not perform CRL...
CVE-2011-0199 (Moderate, Unreviewed) was published on May 17, 2022

IBM SAN Volume Controller, IBM Storwize, IBM FlashSystem and IBM Storage Virtualize 8.6 products...
CVE-2023-47700 (Moderate, Unreviewed) was published on Feb 7, 2024

Applications that use a non-default option when verifying certificates may be vulnerable to an...
CVE-2023-0465 (Moderate, Unreviewed) was published on Mar 28, 2023

The function X509_VERIFY_PARAM_add0_policy() is documented to implicitly enable the certificate...
CVE-2023-0466 (Moderate, Unreviewed) was published on Mar 28, 2023

X.509 certificates generated by the MongoDB Enterprise Kubernetes Operator may allow an attacker...
CVE-2020-7922 (Moderate, Unreviewed) was published on May 24, 2022

In Zscaler Internet Access (ZIA) a mismatch between Connect Host and Client Hello's Server Name...
CVE-2023-28807 (Moderate, Unreviewed) was published on Jan 31, 2024

Jenkins SSH Build Agents Plugin did not verify host keys
CVE-2017-2648 (Moderate) was published for org.jenkins-ci.plugins:ssh-slaves (Maven) on May 13, 2022

A certificate validation issue was addressed. This issue is fixed in iOS 16.7 and iPadOS 16.7, OS...
CVE-2023-41991 (Moderate, Unreviewed) was published on Sep 21, 2023

Jenkins Git client plugin 3.11.0 does not perform SSH host key verification
CVE-2022-36881 (Moderate) was published for org.jenkins-ci.plugins:git-client (Maven) on Jul 28, 2022

If the Node.js https API was used incorrectly and "undefined" was in passed for the ...
CVE-2021-22939 (Moderate, Unreviewed) was published on May 24, 2022

Snowflake Connector .NET does not properly check the Certificate Revocation List (CRL)
CVE-2023-51662 (Moderate) was published for Snowflake.Data (NuGet) on Dec 22, 2023

An issue was discovered in Zammad before 6.2.0. In several subsystems, SSL/TLS was used to...
CVE-2023-50454 (Moderate, Unreviewed) was published on Dec 10, 2023

Improper Certificate Validation in Apache CXF
CVE-2017-5653 (Moderate) was published for org.apache.cxf:cxf-core (Maven) on May 13, 2022