GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,205
Erlang
31
GitHub Actions
19
Go
1,988
Maven
5,000+
npm
3,704
NuGet
661
pip
3,332
Pub
11
RubyGems
884
Rust
845
Swift
36
Unreviewed advisories
All unreviewed
5,000+
77 advisories
Filter by severity
An issue was discovered on Alecto IVM-100 2019-11-12 devices. The device uses a custom UDP...
Critical
Unreviewed
CVE-2019-20461
was published
Nov 7, 2024
splunk-sdk does not properly verify untrusted TLS server certificates
Critical
CVE-2019-5729
was published
for
splunk-sdk
(pip)
Mar 25, 2019
Python Swift client is vulnerable to Missing SSL Certificate Check
Critical
CVE-2013-6396
was published
for
python-swiftclient
(pip)
May 17, 2022
Scalyr Agent 2 Missing SSL Certificate Validation
Critical
CVE-2020-24715
was published
for
scalyr-agent-2
(pip)
May 24, 2022
Scalyr Agent Missing SSL Certificate Validation
Critical
CVE-2020-24714
was published
for
scalyr-agent-2
(pip)
May 24, 2022
An issue was discovered in Mbed TLS 3.x before 3.6.1. With TLS 1.3, when a server enables...
Critical
Unreviewed
CVE-2024-45159
was published
Sep 5, 2024
Couchbase Sync Gateway admin credentials not verified when using X.509 client cert authentication
Critical
CVE-2022-32563
was published
for
couchbase
(pip)
Jun 11, 2022
Improper Certificate Validation in apache airflow mongo hook
Critical
CVE-2024-25141
was published
for
apache-airflow-providers-mongo
(pip)
Feb 20, 2024
There is a vulnerability in the AP Certificate Management Service which could allow a threat...
Critical
Unreviewed
CVE-2024-42395
was published
Aug 6, 2024
In gnss service, there is a possible escalation of privilege due to improper certificate...
Critical
Unreviewed
CVE-2024-20080
was published
Jul 1, 2024
The functions to fetch e-mail via POP3 or IMAP as well as sending e-mail via SMTP use OpenSSL for...
Critical
Unreviewed
CVE-2023-5422
was published
Oct 16, 2023
Lack of TLS certificate verification in log transmission of a financial module within LINE Client...
Critical
Unreviewed
CVE-2023-5554
was published
Oct 12, 2023
In JetBrains Ktor before 2.3.5 server certificates were not verified
Critical
Unreviewed
CVE-2023-45613
was published
Oct 9, 2023
A vulnerability was discovered in Veritas NetBackup Snapshot Manager before 10.2.0.1 that allowed...
Critical
Unreviewed
CVE-2023-40256
was published
Aug 11, 2023
Nanoleaf firmware v7.1.1 and below is missing an SSL certificate, allowing attackers to execute...
Critical
Unreviewed
CVE-2022-47758
was published
Apr 27, 2023
x509/x509_verify.c in LibreSSL before 3.4.2, and OpenBSD before 7.0 errata 006, allows...
Critical
Unreviewed
CVE-2021-46880
was published
Apr 15, 2023
strongSwan 5.9.8 and 5.9.9 potentially allows remote code execution because it uses a variable...
Critical
Unreviewed
CVE-2023-26463
was published
Apr 15, 2023
An issue was discovered in openfortivpn 1.11.0 when used with OpenSSL before 1.0.2. tunnel.c...
Critical
Unreviewed
CVE-2020-7043
was published
May 24, 2022
European Commission eIDAS-Node Integration Package before 2.3.1 has Missing Certificate...
Critical
Unreviewed
CVE-2019-18633
was published
May 24, 2022
European Commission eIDAS-Node Integration Package before 2.3.1 allows Certificate Faking because...
Critical
Unreviewed
CVE-2019-18632
was published
May 24, 2022
The TLS stack in Mono before 3.12.1 allows remote attackers to have unspecified impact via...
Critical
Unreviewed
CVE-2015-2320
was published
May 24, 2022
The ASUS HiVivo aspplication before 5.6.27 for ASUS Watch has Missing SSL Certificate Validation.
Critical
Unreviewed
CVE-2017-17945
was published
May 24, 2022
The ASUS Vivobaby application before 1.1.09 for Android has Missing SSL Certificate Validation.
Critical
Unreviewed
CVE-2017-17944
was published
May 24, 2022
systemd 239 through 243 accepts any certificate signed by a trusted certificate authority for DNS...
Critical
Unreviewed
CVE-2018-21029
was published
May 24, 2022
A default installation of RustDesk 1.2.3 on Windows places a WDKTestCert certificate under...
Critical
Unreviewed
CVE-2024-25140
was published
Feb 6, 2024
ProTip!
Advisories are also available from the
GraphQL API