GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,205
Erlang
31
GitHub Actions
19
Go
1,988
Maven
5,000+
npm
3,704
NuGet
661
pip
3,332
Pub
11
RubyGems
884
Rust
845
Swift
36
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
62 advisories
Filter by severity
An issue was discovered on Alecto IVM-100 2019-11-12 devices. The device uses a custom UDP...
Critical
Unreviewed
CVE-2019-20461
was published
Nov 7, 2024
An issue was discovered in Mbed TLS 3.x before 3.6.1. With TLS 1.3, when a server enables...
Critical
Unreviewed
CVE-2024-45159
was published
Sep 5, 2024
There is a vulnerability in the AP Certificate Management Service which could allow a threat...
Critical
Unreviewed
CVE-2024-42395
was published
Aug 6, 2024
In gnss service, there is a possible escalation of privilege due to improper certificate...
Critical
Unreviewed
CVE-2024-20080
was published
Jul 1, 2024
The functions to fetch e-mail via POP3 or IMAP as well as sending e-mail via SMTP use OpenSSL for...
Critical
Unreviewed
CVE-2023-5422
was published
Oct 16, 2023
Lack of TLS certificate verification in log transmission of a financial module within LINE Client...
Critical
Unreviewed
CVE-2023-5554
was published
Oct 12, 2023
In JetBrains Ktor before 2.3.5 server certificates were not verified
Critical
Unreviewed
CVE-2023-45613
was published
Oct 9, 2023
A vulnerability was discovered in Veritas NetBackup Snapshot Manager before 10.2.0.1 that allowed...
Critical
Unreviewed
CVE-2023-40256
was published
Aug 11, 2023
Nanoleaf firmware v7.1.1 and below is missing an SSL certificate, allowing attackers to execute...
Critical
Unreviewed
CVE-2022-47758
was published
Apr 27, 2023
x509/x509_verify.c in LibreSSL before 3.4.2, and OpenBSD before 7.0 errata 006, allows...
Critical
Unreviewed
CVE-2021-46880
was published
Apr 15, 2023
strongSwan 5.9.8 and 5.9.9 potentially allows remote code execution because it uses a variable...
Critical
Unreviewed
CVE-2023-26463
was published
Apr 15, 2023
An issue was discovered in openfortivpn 1.11.0 when used with OpenSSL before 1.0.2. tunnel.c...
Critical
Unreviewed
CVE-2020-7043
was published
May 24, 2022
European Commission eIDAS-Node Integration Package before 2.3.1 has Missing Certificate...
Critical
Unreviewed
CVE-2019-18633
was published
May 24, 2022
European Commission eIDAS-Node Integration Package before 2.3.1 allows Certificate Faking because...
Critical
Unreviewed
CVE-2019-18632
was published
May 24, 2022
The TLS stack in Mono before 3.12.1 allows remote attackers to have unspecified impact via...
Critical
Unreviewed
CVE-2015-2320
was published
May 24, 2022
The ASUS HiVivo aspplication before 5.6.27 for ASUS Watch has Missing SSL Certificate Validation.
Critical
Unreviewed
CVE-2017-17945
was published
May 24, 2022
The ASUS Vivobaby application before 1.1.09 for Android has Missing SSL Certificate Validation.
Critical
Unreviewed
CVE-2017-17944
was published
May 24, 2022
systemd 239 through 243 accepts any certificate signed by a trusted certificate authority for DNS...
Critical
Unreviewed
CVE-2018-21029
was published
May 24, 2022
A default installation of RustDesk 1.2.3 on Windows places a WDKTestCert certificate under...
Critical
Unreviewed
CVE-2024-25140
was published
Feb 6, 2024
SSL connections to NOVELL and Synology LDAP server are vulnerable to a man-in-the-middle attack...
Critical
Unreviewed
CVE-2023-50356
was published
Jan 31, 2024
Microsoft Defender for IoT Remote Code Execution Vulnerability This CVE ID is unique from CVE...
Critical
Unreviewed
CVE-2021-43882
was published
Dec 16, 2021
An issue in Turing Video Turing Edge+ EVC5FD v.1.38.6 allows remote attacker to execute arbitrary...
Critical
Unreviewed
CVE-2023-42425
was published
Oct 31, 2023
ComponentSpace.Saml2 4.4.0 Missing SSL Certificate Validation.
Critical
Unreviewed
CVE-2022-45597
was published
Mar 25, 2023
An Improper Certificate Validation vulnerability in LibreOffice existed where determining if a...
Critical
Unreviewed
CVE-2022-26305
was published
Jul 26, 2022
Starting with diego-release 2.55.0 and up to 2.69.0, and starting with CF Deployment 17.1 and up...
Critical
Unreviewed
CVE-2022-31733
was published
Feb 3, 2023
ProTip!
Advisories are also available from the
GraphQL API