Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,871
Erlang
37
GitHub Actions
36
Go
2,517
Maven
5,000+
npm
4,150
NuGet
736
pip
3,952
Pub
12
RubyGems
946
Rust
1,026
Swift
39
Unreviewed advisories
All unreviewed
5,000+

1,101 advisories

Loading
Improper Certificate Validation in node-sass Moderate
CVE-2020-24025 was published for node-sass (npm) Feb 9, 2022
tdunlap607
Improper Certificate Validation in kubeclient High
CVE-2022-0759 was published for kubeclient (RubyGems) Mar 26, 2022
tdunlap607
in-toto: PGP trust model not (fully) considered Moderate
GHSA-jjgp-whrp-gq8m was published for in-toto (pip) May 11, 2023
Missing TLS certificate verification in faye-websocket High
CVE-2020-15133 was published for faye-websocket (RubyGems) Jul 31, 2020
Missing TLS certificate verification High
CVE-2020-15134 was published for faye (RubyGems) Jul 31, 2020
A certificate validation vulnerability in PCM600 Update Manager allows attacker to get unwanted... Moderate Unreviewed
CVE-2021-22278 was published May 24, 2022
Improper Certificate Validation in openssl High
CVE-2016-10931 was published for openssl (Rust) Aug 25, 2021
Improper Certificate Validation in security-framework Moderate
CVE-2017-18588 was published for security-framework (Rust) Aug 25, 2021
Keycloak Untrusted Certificate Validation vulnerability Moderate
CVE-2023-1664 was published for org.keycloak:keycloak-core (Maven) Jun 30, 2023
When PgBouncer is configured to use "cert" authentication, a man-in-the-middle attacker can... High Unreviewed
CVE-2021-3935 was published May 24, 2022
Improper Certificate Validation in Puppet Moderate
CVE-2020-7942 was published for puppet (RubyGems) Apr 13, 2021
kevinsawicki/http-request Missing certificate validation Moderate
CVE-2019-1010206 was published for com.github.kevinsawicki:http-request (Maven) May 24, 2022
A flaw was found in RHDS 11 and RHDS 12. While browsing entries LDAP tries to decode the... Moderate Unreviewed
CVE-2023-1055 was published Feb 28, 2023
Velneo vClient on its 28.1.3 version, does not correctly check the certificate of authenticity by... Moderate Unreviewed
CVE-2021-45035 was published Sep 25, 2022
Helm Improper Certificate Validation Critical
CVE-2019-1010275 was published for helm.sh/helm (Go) May 24, 2022
Certificate check bypass in openssl-src High
CVE-2021-3450 was published for openssl-src (Rust) Aug 25, 2021
another-rex
Improper Certificate Validation in EM-HTTP-Request High
CVE-2020-13482 was published for em-http-request (RubyGems) May 24, 2021
tdunlap607
Pion/DLTS Accepts Client Certificates Without CertificateVerify Moderate
CVE-2022-29222 was published for github.com/pion/dtls (Go) May 25, 2022
Improper certificate validation in em-imap High
CVE-2020-13163 was published for em-imap (RubyGems) May 24, 2021
e2guardian v5.4.x <= v5.4.3r is affected by missing SSL certificate validation in the SSL MITM... High Unreviewed
CVE-2021-44273 was published Dec 24, 2021
tiny-json-http missing SSL certificate validation High
CVE-2018-1000096 was published for tiny-json-http (npm) Mar 13, 2018
Keycloak Authentication Error Critical
CVE-2019-14910 was published for org.keycloak:keycloak-parent (Maven) May 24, 2022
Apache Geode SSL endpoint verification vulnerability High
CVE-2019-10091 was published for org.apache.geode:geode-core (Maven) Feb 10, 2022
Hybrid Group Gobot Improper Certificate Validation vulnerability High
CVE-2019-12496 was published for github.com/hybridgroup/gobot (Go) May 24, 2022
Authentication bypass by capture-replay in github.com/cosmos/ethermint High
CVE-2021-25835 was published for github.com/cosmos/ethermint (Go) Feb 15, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database