GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,239
Erlang
31
GitHub Actions
21
Go
2,007
Maven
5,000+
npm
3,716
NuGet
662
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
487 advisories
Filter by severity
A vulnerability in the host input API daemon of Cisco Firepower Management Center (FMC) Software...
Moderate
Unreviewed
CVE-2020-3557
was published
May 24, 2022
A missing verification of the TLS host in Nextcloud Mail 1.1.3 allowed a man in the middle attack.
Moderate
Unreviewed
CVE-2020-8156
was published
May 24, 2022
Urllib3 Incorrect Certificate Validation
Moderate
CVE-2016-9015
was published
for
urllib3
(pip)
May 17, 2022
Using default SSLContext for HTTPS requests in an HTTPS proxy doesn't verify certificate hostname for proxy connection
Moderate
CVE-2021-28363
was published
for
urllib3
(pip)
Mar 19, 2021
Jenkins Delphix Plugin has SSL/TLS certificate validation disabled by default
Moderate
CVE-2024-28161
was published
for
org.jenkins-ci.plugins:delphix
(Maven)
Mar 6, 2024
An improper certificate validation vulnerability in Palo Alto Networks PAN-OS software enables an...
Moderate
Unreviewed
CVE-2024-5918
was published
Nov 14, 2024
Missing hostname validation in Kroxylicious
Moderate
CVE-2024-8285
was published
for
io.kroxylicious:kroxylicious-runtime
(Maven)
Aug 31, 2024
Jenkins Delphix Plugin has improper SSL/TLS certificate validation
Moderate
CVE-2024-28162
was published
for
org.jenkins-ci.plugins:delphix
(Maven)
Mar 6, 2024
Improper Certificate Validation in Apache Commons HttpClient
Moderate
CVE-2012-5783
was published
for
commons-httpclient:commons-httpclient
(Maven)
May 13, 2022
HCL AppScan Source <= 10.6.0 does not properly validate a TLS/SSL certificate for an executable.
Moderate
Unreviewed
CVE-2024-30149
was published
Oct 31, 2024
A vulnerability in Samsung Exynos Modem 5300 allows a Man-in-the-Middle (MITM) attacker to...
Moderate
Unreviewed
CVE-2024-28067
was published
Jul 9, 2024
This issue was addressed through improved state management. This issue is fixed in Safari 17.4,...
Moderate
Unreviewed
CVE-2024-23273
was published
Mar 8, 2024
An issue was discovered in Samsung eMMC with KLMAG2GE4A and KLM8G1WEMB firmware. Code bypass...
Moderate
Unreviewed
CVE-2024-31955
was published
Oct 15, 2024
IBM Concert 1.0.0 and 1.0.1 vulnerable to attacks that rely on the use of cookies without the...
Moderate
Unreviewed
CVE-2024-43177
was published
Oct 22, 2024
Restkit Does Not Validate TLS certificates
Moderate
CVE-2015-2674
was published
for
restkit
(pip)
May 17, 2022
Dell Secure Connect Gateway (SCG) 5.0 Appliance - SRS, version(s) 5.24, contains an Improper...
Moderate
Unreviewed
CVE-2024-47241
was published
Oct 18, 2024
A vulnerability in the SSL/TLS implementation of Cisco Nexus Dashboard Orchestrator (NDO) could...
Moderate
Unreviewed
CVE-2024-20385
was published
Oct 2, 2024
IBM Storage Defender 2.0.0 through 2.0.7 on-prem defender-sensor-cmd CLI does not validate server...
Moderate
Unreviewed
CVE-2024-38324
was published
Sep 25, 2024
In versions of the PEADM Forge Module prior to 3.24.0 a security misconfiguration was discovered.
Moderate
Unreviewed
CVE-2024-9160
was published
Sep 27, 2024
Improper Certificate Validation in Checkmk Exchange plugin MikroTik allows attackers in MitM...
Moderate
Unreviewed
CVE-2024-38861
was published
Sep 27, 2024
The HCL Traveler for Microsoft Outlook executable (HTMO.exe) is being flagged as potentially...
Moderate
Unreviewed
CVE-2024-30134
was published
Sep 26, 2024
A flaw was found in libnbd. The client did not always correctly verify the NBD server's...
Moderate
Unreviewed
CVE-2024-7383
was published
Aug 5, 2024
IBM QRadar Suite Products 1.10.12.0 through 1.10.18.0 and IBM Cloud Pak for Security 1.10.0.0...
Moderate
Unreviewed
CVE-2023-47742
was published
Mar 3, 2024
mongodb-client-encryption vulnerable to Improper Certificate Validation
Moderate
CVE-2021-20327
was published
for
mongodb-client-encryption
(npm)
Apr 12, 2021
QBiC CLOUD CC-2L v1.1.30 and earlier and Safie One v1.8.2 and earlier do not properly validate...
Moderate
Unreviewed
CVE-2024-39771
was published
Aug 28, 2024
ProTip!
Advisories are also available from the
GraphQL API