GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,205
Erlang
31
GitHub Actions
19
Go
1,988
Maven
5,000+
npm
3,704
NuGet
661
pip
3,332
Pub
11
RubyGems
884
Rust
845
Swift
36
Unreviewed advisories
All unreviewed
5,000+
28 advisories
Filter by severity
Rancher agents can be hijacked by taking over the Rancher Server URL
High
CVE-2024-22030
was published
for
github.com/rancher/rancher
(Go)
Sep 26, 2024
Filestash configured to skip TLS certificate verification when using the FTPS protocol
High
CVE-2024-41255
was published
for
github.com/mickael-kerjean/filestash
(Go)
Jul 31, 2024
casdoor's use of`ssh.InsecureIgnoreHostKey()` disables host key verification
Moderate
CVE-2024-41264
was published
for
github.com/casdoor/casdoor
(Go)
Aug 1, 2024
Filestash skips TLS certificate verification process when sending out email verification codes
High
CVE-2024-41256
was published
for
github.com/mickael-kerjean/filestash
(Go)
Jul 31, 2024
Beego privilege escalation vulnerability
High
CVE-2024-40464
was published
for
github.com/beego/beego/v2
(Go)
Jul 31, 2024
MongoDB Tools Improper Certificate Validation vulnerability
Moderate
CVE-2020-7924
was published
for
github.com/mongodb/mongo-tools
(Go)
May 24, 2022
Incorrect TLS certificate auth method in Vault
High
CVE-2024-2048
was published
for
github.com/hashicorp/vault
(Go)
Mar 4, 2024
Helm uses crypto package vulnerable to panic from malformed X.509 certificate
High
CVE-2020-7919
was published
for
github.com/helm/helm
(Go)
Jun 23, 2021
Improper Validation of Certificate with Host Mismatch in mellium.im/xmpp/websocket
Moderate
CVE-2022-24968
was published
for
mellium.im/xmpp
(Go)
Feb 16, 2022
Duplicate Advisory: TLS certificate validation error in mellium.im/xmpp
Moderate
GHSA-m658-p24x-p74r
was published
for
mellium.im/xmpp
(Go)
Feb 12, 2022
•
withdrawn
Boundary vulnerable to session hijacking through TLS certificate tampering
High
CVE-2024-1052
was published
for
github.com/hashicorp/boundary
(Go)
Feb 5, 2024
Legacy Node API Allows Impersonation in github.com/spiffe/spire/pkg/server/endpoints/node
High
CVE-2021-27098
was published
for
github.com/spiffe/spire
(Go)
May 21, 2021
Authentication bypass by capture-replay in github.com/cosmos/ethermint
High
CVE-2021-25835
was published
for
github.com/cosmos/ethermint
(Go)
Feb 15, 2022
Hybrid Group Gobot Improper Certificate Validation vulnerability
High
CVE-2019-12496
was published
for
github.com/hybridgroup/gobot
(Go)
May 24, 2022
Pion/DLTS Accepts Client Certificates Without CertificateVerify
Moderate
CVE-2022-29222
was published
for
github.com/pion/dtls
(Go)
May 25, 2022
Helm Improper Certificate Validation
Critical
CVE-2019-1010275
was published
for
helm.sh/helm
(Go)
May 24, 2022
HashiCorp Consul Privilege Escalation Vulnerability
High
CVE-2021-37219
was published
for
github.com/hashicorp/consul
(Go)
Sep 8, 2021
OctoRPKI lacks contextual out-of-bounds check when validating RPKI ROA maxLength values
High
CVE-2021-3761
was published
for
github.com/cloudflare/cfrpki
(Go)
Sep 7, 2021
Improper Certificate Validation in Cosign
Low
CVE-2022-23649
was published
for
github.com/sigstore/cosign
(Go)
Feb 22, 2022
Improper Authentication
High
CVE-2019-20894
was published
for
github.com/traefik/traefik/v2
(Go)
Sep 2, 2021
Privilege escalation in Hashicorp Nomad
High
CVE-2021-37218
was published
for
github.com/hashicorp/nomad
(Go)
Sep 8, 2021
Hashicorp Consul Missing SSL Certificate Validation
High
CVE-2021-32574
was published
for
github.com/hashicorp/consul
(Go)
Jul 19, 2021
Traefik routes exposed with an empty TLSOption
Moderate
CVE-2022-46153
was published
for
github.com/traefik/traefik/v2
(Go)
Dec 8, 2022
Argo CD certificate verification is skipped for connections to OIDC providers
High
CVE-2022-31105
was published
for
github.com/argoproj/argo-cd
(Go)
Jul 12, 2022
Skip the router TLS configuration when the host header is an FQDN
High
CVE-2022-23632
was published
for
github.com/traefik/traefik/v2
(Go)
Feb 16, 2022
ProTip!
Advisories are also available from the
GraphQL API