GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
77 advisories
splunk-sdk does not properly verify untrusted TLS server certificates
Critical | CVE-2019-5729 was published for splunk-sdk (pip) on Mar 25, 2019
Improper Certificate Validation in WP-CLI framework
Critical | CVE-2021-29504 was published for wp-cli/wp-cli (Composer) on May 19, 2021
Improper Certificate Validation in xmlhttprequest-ssl
Critical | CVE-2021-31597 was published for xmlhttprequest-ssl (npm) on May 24, 2021
Microsoft Defender for IoT Remote Code Execution Vulnerability This CVE ID is unique from CVE...
Critical | Unreviewed | CVE-2021-43882 was published on Dec 16, 2021
Improper Certificate Validation in Hutool
Critical | CVE-2022-22885 was published for cn.hutool:hutool-http (Maven) on Feb 17, 2022
Pexip Infinity Connect before 1.8.0 mishandles TLS certificate validation. The allow list is not...
Critical | Unreviewed | CVE-2021-29656 was published on Feb 19, 2022
The client applications in 3CX on Windows, the 3CX app for iOS, and the 3CX application for...
Critical | Unreviewed | CVE-2021-45490 was published on Mar 29, 2022
A specially crafted x509 certificate can cause a single out of bounds byte overwrite in wolfSSL...
Critical | Unreviewed | CVE-2017-2800 was published on May 13, 2022
Previously, Puppet Discovery was shipped with a default generated TLS certificate in the nginx...
Critical | Unreviewed | CVE-2018-11747 was published on May 13, 2022
A vulnerability in the Cisco SD-WAN Solution could allow an unauthenticated, remote attacker to...
Critical | Unreviewed | CVE-2018-15387 was published on May 13, 2022
A potential vulnerability has been identified in HP Remote Graphics Software’s certificate...
Critical | Unreviewed | CVE-2018-5926 was published on May 13, 2022
An issue has been found in PowerDNS Recursor versions 4.1.x before 4.1.9 where records in the...
Critical | Unreviewed | CVE-2019-3807 was published on May 13, 2022
Pivotal Application Service (PAS), versions 2.2.x prior to 2.2.12, 2.3.x prior to 2.3.7 and 2.4.x...
Critical | Unreviewed | CVE-2019-3777 was published on May 13, 2022
Huawei AR120-S V200R005C32, V200R006C10, V200R007C00, V200R008C20, AR1200 V200R005C20,...
Critical | Unreviewed | CVE-2017-17301 was published on May 13, 2022
Heimdal Thor Agent 2.5.17x before 2.5.173 does not verify X.509 certificates from TLS servers,...
Critical | Unreviewed | CVE-2019-8351 was published on May 14, 2022
Cordaware bestinformed Microsoft Windows client before 6.2.1.0 is affected by insecure SSL...
Critical | Unreviewed | CVE-2019-6266 was published on May 14, 2022
On BIG-IP 14.1.0-14.1.0.1, TMM may restart and produce a core file when validating SSL...
Critical | Unreviewed | CVE-2019-6592 was published on May 14, 2022
Pidgin version <2.11.0 contains a vulnerability in X.509 Certificates imports specifically due to...
Critical | Unreviewed | CVE-2016-1000030 was published on May 14, 2022
Adobe Creative Cloud Desktop Application before 4.6.1 has an improper certificate validation...
Critical | Unreviewed | CVE-2018-12829 was published on May 14, 2022
Adobe Creative Cloud Desktop Application versions 4.4.1.298 and earlier have an exploitable...
Critical | Unreviewed | CVE-2018-4991 was published on May 14, 2022
Botan 2.2.0 - 2.4.0 (fixed in 2.5.0) improperly handled wildcard certificates and could accept...
Critical | Unreviewed | CVE-2018-9127 was published on May 14, 2022
libinfinity before 0.6.6-1 does not validate expired SSL certificates, which allows remote...
Critical | Unreviewed | CVE-2015-3886 was published on May 17, 2022
botan 1.11.x before 1.11.22 improperly handles wildcard matching against hostnames, which might...
Critical | Unreviewed | CVE-2015-7826 was published on May 17, 2022
Python Swift client is vulnerable to Missing SSL Certificate Check
Critical | CVE-2013-6396 was published for python-swiftclient (pip) on May 17, 2022
The ASUS Vivobaby application before 1.1.09 for Android has Missing SSL Certificate Validation.
Critical | Unreviewed | CVE-2017-17944 was published on May 24, 2022