GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,205
Erlang
31
GitHub Actions
19
Go
1,988
Maven
5,000+
npm
3,704
NuGet
661
pip
3,332
Pub
11
RubyGems
884
Rust
845
Swift
36
Unreviewed advisories
All unreviewed
5,000+
20 advisories
Filter by severity
SSL Validation Defaults to False in electron-packager
Low
CVE-2016-10534
was published
for
electron-packager
(npm)
Feb 18, 2019
OpenSSL has internal defaults for a directory tree where it can find a configuration file as well...
Low
Unreviewed
CVE-2019-1552
was published
May 24, 2022
A vulnerability in the certificate registration process of Cisco Unified Computing System (UCS)...
Low
Unreviewed
CVE-2021-1354
was published
May 24, 2022
Dell OS10, version 10.5.3.4, contains an Improper Certificate Validation vulnerability in Support...
Low
Unreviewed
CVE-2022-34394
was published
Sep 29, 2022
In Logstash versions after 6.4.0 and before 6.8.15 and 7.12.0 a TLS certificate validation flaw...
Low
Unreviewed
CVE-2021-22138
was published
May 24, 2022
Improper Certificate Validation in Cosign
Low
CVE-2022-23649
was published
for
github.com/sigstore/cosign
(Go)
Feb 22, 2022
It was discovered that the Magritte-ftp was not verifying hostnames in TLS certificates due to a...
Low
Unreviewed
CVE-2022-48307
was published
Feb 16, 2023
It was discovered that the sls-logging was not verifying hostnames in TLS certificates due to a...
Low
Unreviewed
CVE-2022-48308
was published
Feb 16, 2023
Urllib3 Incorrect Certificate Validation
Low
CVE-2016-9015
was published
for
urllib3
(pip)
May 17, 2022
The error page for sites with invalid TLS certificates was missing the
activation-delay Firefox...
Low
Unreviewed
CVE-2023-34414
was published
Jun 19, 2023
Improper validation of certificate with host mismatch in Apache Log4j SMTP appender
Low
CVE-2020-9488
was published
for
org.apache.logging.log4j:log4j
(Maven)
Jun 5, 2020
Microsoft Windows Phone 7 does not verify the domain name in the subject's Common Name (CN) field...
Low
Unreviewed
CVE-2012-2993
was published
May 17, 2022
Dell VxRail, versions prior to 7.0.450, contain an improper certificate validation vulnerability...
Low
Unreviewed
CVE-2023-32464
was published
Jun 23, 2023
A vulnerability was found in EZVIZ CS-C6-21WFR-8 5.2.7 Build 170628. It has been classified as...
Low
Unreviewed
CVE-2024-4063
was published
Apr 23, 2024
A vulnerability was found in Hualai Xiaofang iSC5 3.2.2_112 and classified as problematic....
Low
Unreviewed
CVE-2024-4062
was published
Apr 23, 2024
IBM Aspera Faspex 5.0.0 through 5.0.7 could allow a local user to obtain or modify sensitive...
Low
Unreviewed
CVE-2023-37397
was published
Apr 19, 2024
Improper Certificate Validation vulnerability in Apache Airflow FTP Provider
Low
CVE-2024-29733
was published
for
apache-airflow-providers-ftp
(pip)
Apr 21, 2024
An improper validation vulnerability was reported in the Lenovo Tab K10 that could allow a...
Low
Unreviewed
CVE-2024-4786
was published
Jul 26, 2024
Ecosystem Agent version 4 < 4.5.1.2597 and Ecosystem Agent version 5 < 5.1.4.2473 did not...
Low
Unreviewed
CVE-2024-5445
was published
Aug 12, 2024
An improper certificate validation vulnerability has been reported to affect QuMagie. If...
Low
Unreviewed
CVE-2024-38642
was published
Sep 6, 2024
ProTip!
Advisories are also available from the
GraphQL API