GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,239
Erlang
31
GitHub Actions
21
Go
2,007
Maven
5,000+
npm
3,716
NuGet
662
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
62 advisories
Filter by severity
Microsoft Defender for IoT Remote Code Execution Vulnerability This CVE ID is unique from CVE...
Critical
Unreviewed
CVE-2021-43882
was published
Dec 16, 2021
Pexip Infinity Connect before 1.8.0 mishandles TLS certificate validation. The allow list is not...
Critical
Unreviewed
CVE-2021-29656
was published
Feb 19, 2022
The client applications in 3CX on Windows, the 3CX app for iOS, and the 3CX application for...
Critical
Unreviewed
CVE-2021-45490
was published
Mar 29, 2022
A specially crafted x509 certificate can cause a single out of bounds byte overwrite in wolfSSL...
Critical
Unreviewed
CVE-2017-2800
was published
May 13, 2022
Previously, Puppet Discovery was shipped with a default generated TLS certificate in the nginx...
Critical
Unreviewed
CVE-2018-11747
was published
May 13, 2022
A vulnerability in the Cisco SD-WAN Solution could allow an unauthenticated, remote attacker to...
Critical
Unreviewed
CVE-2018-15387
was published
May 13, 2022
A potential vulnerability has been identified in HP Remote Graphics Software’s certificate...
Critical
Unreviewed
CVE-2018-5926
was published
May 13, 2022
Pivotal Application Service (PAS), versions 2.2.x prior to 2.2.12, 2.3.x prior to 2.3.7 and 2.4.x...
Critical
Unreviewed
CVE-2019-3777
was published
May 13, 2022
An issue has been found in PowerDNS Recursor versions 4.1.x before 4.1.9 where records in the...
Critical
Unreviewed
CVE-2019-3807
was published
May 13, 2022
Huawei AR120-S V200R005C32, V200R006C10, V200R007C00, V200R008C20, AR1200 V200R005C20,...
Critical
Unreviewed
CVE-2017-17301
was published
May 13, 2022
Heimdal Thor Agent 2.5.17x before 2.5.173 does not verify X.509 certificates from TLS servers,...
Critical
Unreviewed
CVE-2019-8351
was published
May 14, 2022
Cordaware bestinformed Microsoft Windows client before 6.2.1.0 is affected by insecure SSL...
Critical
Unreviewed
CVE-2019-6266
was published
May 14, 2022
On BIG-IP 14.1.0-14.1.0.1, TMM may restart and produce a core file when validating SSL...
Critical
Unreviewed
CVE-2019-6592
was published
May 14, 2022
Pidgin version <2.11.0 contains a vulnerability in X.509 Certificates imports specifically due to...
Critical
Unreviewed
CVE-2016-1000030
was published
May 14, 2022
Adobe Creative Cloud Desktop Application before 4.6.1 has an improper certificate validation...
Critical
Unreviewed
CVE-2018-12829
was published
May 14, 2022
Adobe Creative Cloud Desktop Application versions 4.4.1.298 and earlier have an exploitable...
Critical
Unreviewed
CVE-2018-4991
was published
May 14, 2022
Botan 2.2.0 - 2.4.0 (fixed in 2.5.0) improperly handled wildcard certificates and could accept...
Critical
Unreviewed
CVE-2018-9127
was published
May 14, 2022
libinfinity before 0.6.6-1 does not validate expired SSL certificates, which allows remote...
Critical
Unreviewed
CVE-2015-3886
was published
May 17, 2022
botan 1.11.x before 1.11.22 improperly handles wildcard matching against hostnames, which might...
Critical
Unreviewed
CVE-2015-7826
was published
May 17, 2022
The ASUS Vivobaby application before 1.1.09 for Android has Missing SSL Certificate Validation.
Critical
Unreviewed
CVE-2017-17944
was published
May 24, 2022
The ASUS HiVivo aspplication before 5.6.27 for ASUS Watch has Missing SSL Certificate Validation.
Critical
Unreviewed
CVE-2017-17945
was published
May 24, 2022
The TLS stack in Mono before 3.12.1 allows remote attackers to have unspecified impact via...
Critical
Unreviewed
CVE-2015-2320
was published
May 24, 2022
systemd 239 through 243 accepts any certificate signed by a trusted certificate authority for DNS...
Critical
Unreviewed
CVE-2018-21029
was published
May 24, 2022
European Commission eIDAS-Node Integration Package before 2.3.1 allows Certificate Faking because...
Critical
Unreviewed
CVE-2019-18632
was published
May 24, 2022
European Commission eIDAS-Node Integration Package before 2.3.1 has Missing Certificate...
Critical
Unreviewed
CVE-2019-18633
was published
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API