GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
20
Go
2,000
Maven
5,000+
npm
3,711
NuGet
661
pip
3,383
Pub
11
RubyGems
885
Rust
849
Swift
36
Unreviewed advisories
All unreviewed
5,000+
193 advisories
Filter by severity
Improper Certificate Validation in Apache Beam
High
CVE-2020-1929
was published
for
org.apache.beam:beam-sdks-java-io-mongodb
(Maven)
May 6, 2020
Moderate severity vulnerability that affects OPCFoundation.NetStandard.Opc.Ua
Moderate
CVE-2018-12087
was published
for
OPCFoundation.NetStandard.Opc.Ua
(NuGet)
Oct 16, 2018
SSL Validation Defaults to False in electron-packager
Low
CVE-2016-10534
was published
for
electron-packager
(npm)
Feb 18, 2019
Insecure Defaults Leads to Potential MITM in ezseed-transmission
Moderate
CVE-2016-1000224
was published
for
ezseed-transmission
(npm)
Sep 1, 2020
Moderate severity vulnerability that affects com.rabbitmq:amqp-client and org.springframework.amqp:spring-amqp
Moderate
CVE-2018-11087
was published
for
com.rabbitmq:amqp-client
(Maven)
Oct 18, 2018
Insufficient Session Expiration in Kiali
High
CVE-2020-1762
was published
for
github.com/kiali/kiali
(Go)
May 18, 2021
Improper Certificate Validation in HashiCorp Nomad
High
CVE-2020-7956
was published
for
github.com/hashicorp/nomad
(Go)
May 18, 2021
org.apache.hive:hive, org.apache.hive:hive-exec, and org.apache.hive:hive-service vulnerable to Improper Certificate Validation
High
CVE-2016-3083
was published
for
org.apache.hive:hive
(Maven)
Mar 14, 2019
Improper Certificate Validation in node-sass affects eZ Platform
Moderate
GHSA-6v6p-g8cg-2hgg
was published
for
ezsystems/ezplatform-admin-ui
(Composer)
Apr 1, 2022
Improper Certificate Validation
High
CVE-2017-11770
was published
for
Microsoft.NETCore.App
(NuGet)
Apr 12, 2022
Improper Certificate Validation in oauth ruby gem
High
CVE-2016-11086
was published
for
oauth
(RubyGems)
Apr 22, 2021
Improper Certificate Validation in TweetStream
Moderate
CVE-2020-24393
was published
for
tweetstream
(RubyGems)
Apr 13, 2021
Improper Certificate Validation in pyload-ng
High
CVE-2023-0509
was published
for
pyload-ng
(pip)
Jan 27, 2023
Improper Certificate Validation in OWASP ZAP
Moderate
CVE-2022-27820
was published
for
org.zaproxy:zap
(Maven)
Mar 25, 2022
Improper Certificate Handling
Moderate
CVE-2020-9321
was published
for
github.com/traefik/traefik
(Go)
Sep 2, 2021
Improper Certificate Validation in OkHttp
Moderate
CVE-2016-2402
was published
for
com.squareup.okhttp3:okhttp
(Maven)
May 13, 2022
Improper Certificate Validation in Shibboleth Identity Provider and OpenSAML
Moderate
CVE-2015-1796
was published
for
edu.internet2.middleware:shibboleth-identityprovider
(Maven)
May 17, 2022
Improper Certificate Validation in Jenkins
Moderate
CVE-2017-1000396
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 14, 2022
Skip the router TLS configuration when the host header is an FQDN
High
CVE-2022-23632
was published
for
github.com/traefik/traefik/v2
(Go)
Feb 16, 2022
Authentication bypass vulnerability in Apple Game Center auth adapter
High
CVE-2022-31083
was published
for
parse-server
(npm)
Jun 17, 2022
Argo CD certificate verification is skipped for connections to OIDC providers
High
CVE-2022-31105
was published
for
github.com/argoproj/argo-cd
(Go)
Jul 12, 2022
Jenkins CollabNet Plugin man in the middle vulnerability
Moderate
CVE-2018-1000605
was published
for
org.jenkins-ci.plugins:collabnet
(Maven)
May 14, 2022
Traefik routes exposed with an empty TLSOption
Moderate
CVE-2022-46153
was published
for
github.com/traefik/traefik/v2
(Go)
Dec 8, 2022
Apache Pulsar Disabled Certificate Validation for OAuth Client Credential Requests makes C++/Python Clients vulnerable to MITM attack
High
CVE-2022-33684
was published
for
pulsar-client
(pip)
Nov 4, 2022
ProTip!
Advisories are also available from the
GraphQL API