GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
1,099 advisories
Apache Airflow missing Certificate Validation
Moderate · CVE-2023-39441 was published for apache-airflow (pip) Aug 23, 2023
Improper Certificate Validation in Node.js 10, 12, and 13 causes the process to abort when...
Moderate · Unreviewed · CVE-2019-15604 was published May 24, 2022
CertificatePinner.java in OkHttp 3.x through 3.12.0 allows man-in-the-middle attackers to bypass...
Moderate · Unreviewed · CVE-2018-20200 was published May 24, 2022
libcurl-using applications can ask for a specific client certificate to be used in a transfer....
High · Unreviewed · CVE-2021-22926 was published May 24, 2022
Serverpod client accepts any certificate
High · CVE-2024-29887 was published for serverpod_client (Pub) Mar 28, 2024
systemd 239 through 243 accepts any certificate signed by a trusted certificate authority for DNS...
Critical · Unreviewed · CVE-2018-21029 was published May 24, 2022
** DISPUTED ** An issue was discovered in RIPE NCC RPKI Validator 3.x through 3.1-2020.07.06.14...
Moderate · Unreviewed · CVE-2020-16162 was published May 24, 2022
** DISPUTED ** An issue was discovered in RIPE NCC RPKI Validator 3.x before 3.1-2020.07.06.14.28...
Moderate · Unreviewed · CVE-2020-16163 was published May 24, 2022
PDF-XChange Editor Updater Improper Certificate Validation Remote Code Execution Vulnerability....
High · Unreviewed · CVE-2024-27323 was published Apr 2, 2024
dirmngr before 2.1.0 improperly handles certain system calls, which allows remote attackers to...
Moderate · Unreviewed · CVE-2011-2207 was published Apr 22, 2022
Mozilla Firefox prior to 3.6 has a DoS vulnerability due to an issue in the validation of...
Moderate · Unreviewed · CVE-2011-2669 was published Apr 22, 2022
nuSOAP before 0.7.3-5 does not properly check the hostname of a cert.
High · Unreviewed · CVE-2012-6071 was published Apr 23, 2022
Cisco IronPort Web Security Appliance does not check for certificate revocation which could lead...
Moderate · Unreviewed · CVE-2012-1316 was published Apr 23, 2022
wolfssl before 3.2.0 does not properly authorize CA certificate for signing other certificates.
High · Unreviewed · CVE-2014-2902 was published May 17, 2022
wolfssl before 3.2.0 does not properly issue certificates for a server's hostname.
High · Unreviewed · CVE-2014-2901 was published May 17, 2022
duplicity 0.6.24 has improper verification of SSL certificates
High · Unreviewed · CVE-2014-3495 was published May 17, 2022
A vulnerability in the Transport Layer Security (TLS) certificate validation functionality of...
High · Unreviewed · CVE-2019-1590 was published May 24, 2022
A vulnerability in the Secure Shell (SSH) authentication process of Cisco Small Business Switches...
High · Unreviewed · CVE-2019-1859 was published May 24, 2022
Citrix SD-WAN 10.2.x before 10.2.1 and NetScaler SD-WAN 10.0.x before 10.0.7 have Improper...
Moderate · Unreviewed · CVE-2019-11550 was published May 24, 2022
Samsung Galaxy Apps before 4.4.01.7 allows modification of the hostname used for load balancing...
High · Unreviewed · CVE-2018-20135 was published May 24, 2022
The ASUS Vivobaby application before 1.1.09 for Android has Missing SSL Certificate Validation.
Critical · Unreviewed · CVE-2017-17944 was published May 24, 2022
The ASUS HiVivo application before 5.6.27 for ASUS Watch has Missing SSL Certificate Validation.
Critical · Unreviewed · CVE-2017-17945 was published May 24, 2022
Interaction between the sks-keyserver code through 1.2.0 of the SKS keyserver network, and GnuPG...
High · Unreviewed · CVE-2019-13050 was published May 24, 2022
The Android App 'Tootdon for Mastodon' version 3.4.1 and earlier does not verify X.509...
High · Unreviewed · CVE-2019-5961 was published May 24, 2022
Mailvelope prior to 3.3.0 accepts or operates with invalid PGP public keys: Mailvelope allows...
Moderate · Unreviewed · CVE-2019-9148 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API.