Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,205
Erlang
31
GitHub Actions
19
Go
1,988
Maven
5,000+
npm
3,704
NuGet
661
pip
3,332
Pub
11
RubyGems
884
Rust
845
Swift
36
Unreviewed advisories
All unreviewed
5,000+

84 advisories

Loading
Jenkins Delphix Plugin has SSL/TLS certificate validation disabled by default Moderate
CVE-2024-28161 was published for org.jenkins-ci.plugins:delphix (Maven) Mar 6, 2024
Missing hostname validation in Kroxylicious Moderate
CVE-2024-8285 was published for io.kroxylicious:kroxylicious-runtime (Maven) Aug 31, 2024
Jenkins Delphix Plugin has improper SSL/TLS certificate validation Moderate
CVE-2024-28162 was published for org.jenkins-ci.plugins:delphix (Maven) Mar 6, 2024
Improper Certificate Validation in Apache Commons HttpClient Moderate
CVE-2012-5783 was published for commons-httpclient:commons-httpclient (Maven) May 13, 2022
ebickle
The host name verification missing in Apache Tomcat High
CVE-2018-8034 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) Oct 17, 2018
sunSUNQ
Improper certificate management in AWS IoT Device SDK v2 Moderate
CVE-2021-40828 was published for aws-iot-device-sdk-v2 (Maven) Nov 24, 2021
Improper certificate management in AWS IoT Device SDK v2 Moderate
CVE-2021-40830 was published for aws-iot-device-sdk-v2 (Maven) Nov 24, 2021
Improper certificate management in AWS IoT Device SDK v2 Moderate
CVE-2021-40831 was published for aws-iot-device-sdk-v2 (Maven) Nov 24, 2021
Improper certificate management in AWS IoT Device SDK v2 Moderate
CVE-2021-40829 was published for aws-iot-device-sdk-v2 (Maven) Nov 24, 2021
Improper Certificate Validation in proton-j High
CVE-2018-17187 was published for org.apache.qpid:proton-j (Maven) Nov 21, 2018
MarkLee131
Improper Input Validation in Apache Thrift High
CVE-2018-1320 was published for org.apache.thrift:libthrift (Maven) Jan 17, 2019
szymon-miezal MarkLee131
Cloud Foundry vulnerable to Improper Certificate Validation Moderate
CVE-2016-5016 was published for org.cloudfoundry.identity:cloudfoundry-identity-server (Maven) May 14, 2022
sunSUNQ
Apache Tomcat affected by vulnerability in TLS and SSL protocol Moderate
CVE-2009-3555 was published for org.apache.tomcat:tomcat (Maven) May 2, 2022
MarkLee131 sunSUNQ
Improper Certificate Validation in Apache DolphinScheduler High
CVE-2023-49250 was published for org.apache.dolphinscheduler:dolphinscheduler (Maven) Feb 20, 2024
Improper Input Validation in XFire High
CVE-2012-5817 was published for org.codehaus.xfire:xfire-core (Maven) May 17, 2022
Improper Certificate Validation in MongoDB Moderate
CVE-2021-20328 was published for org.mongodb:mongo-java-driver (Maven) May 24, 2022
Improper validation of certificate with host mismatch in Apache Log4j SMTP appender Low
CVE-2020-9488 was published for org.apache.logging.log4j:log4j (Maven) Jun 5, 2020
DmitriyLewen
SSL/TLS certificate validation disabled by default in Jenkins Checkmarx Plugin High
CVE-2023-35142 was published for com.checkmarx.jenkins:checkmarx (Maven) Jun 14, 2023
Jenkins SSH Build Agents Plugin did not verify host keys Moderate
CVE-2017-2648 was published for org.jenkins-ci.plugins:ssh-slaves (Maven) May 13, 2022
Jenkins Active Directory Plugin did not verify certificate of AD server High
CVE-2017-2649 was published for org.jenkins-ci.plugins:active-directory (Maven) May 13, 2022
Jenkins Inedo ProGet Plugin globally and unconditionally disabled SSL/TLS certificate validation High
CVE-2018-1999034 was published for com.inedo.proget:inedo-proget (Maven) May 14, 2022
Jenkins Inedo BuildMaster Plugin globally and unconditionally disabled SSL/TLS certificate validation High
CVE-2018-1999035 was published for com.inedo.buildmaster:inedo-buildmaster (Maven) May 14, 2022
SSL/TLS certificate validation globally and unconditionally disabled by Jenkins WebSphere Deployer Plugin High
CVE-2019-16561 was published for org.jenkins-ci.plugins:websphere-deployer (Maven) May 24, 2022
Jenkins TraceTronic ECU-TEST Plugin Man in the middle vulnerability High
CVE-2018-1999025 was published for de.tracetronic.jenkins.plugins:ecutest (Maven) May 14, 2022
Jenkins Active Directory Plugin Improper certificate validation with StartTLS High
CVE-2019-1003009 was published for org.jenkins-ci.plugins:active-directory (Maven) May 13, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database