Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,870
Erlang
37
GitHub Actions
36
Go
2,500
Maven
5,000+
npm
4,147
NuGet
735
pip
3,948
Pub
12
RubyGems
945
Rust
1,025
Swift
39
Unreviewed advisories
All unreviewed
5,000+

90 advisories

Loading
nv-websocket-client allows attackers to spoof SSL/TLS servers via an arbitrary valid certificate Moderate
CVE-2017-1000209 was published for com.neovisionaries:nv-websocket-client (Maven) May 17, 2022
Improper Certificate Validation in vt-ldap Moderate
CVE-2014-3607 was published for edu.internet2.middleware:shibboleth-identityprovider (Maven) May 14, 2022
Jenkins vSphere Plugin disables SSL/TLS certificate validation by default Moderate
CVE-2018-1000151 was published for org.jenkins-ci.plugins:vsphere-cloud (Maven) May 14, 2022
Improper Certificate Validation in Microsoft .NET Framework components Moderate
CVE-2018-8356 was published for System.Private.ServiceModel (NuGet) May 14, 2022
florelis skofman1
Jenkins CollabNet Plugin man in the middle vulnerability Moderate
CVE-2018-1000605 was published for org.jenkins-ci.plugins:collabnet (Maven) May 14, 2022
Cloud Foundry vulnerable to Improper Certificate Validation Moderate
CVE-2016-5016 was published for org.cloudfoundry.identity:cloudfoundry-identity-server (Maven) May 14, 2022
sunSUNQ
Improper Certificate Validation in Jenkins Moderate
CVE-2017-1000396 was published for org.jenkins-ci.main:jenkins-core (Maven) May 14, 2022
Jenkins SSH Build Agents Plugin did not verify host keys Moderate
CVE-2017-2648 was published for org.jenkins-ci.plugins:ssh-slaves (Maven) May 13, 2022
Keycloak Authentication Error Moderate
CVE-2018-10894 was published for org.keycloak:keycloak-saml-adapter-core (Maven) May 13, 2022
Improper Certificate Validation in OkHttp Moderate
CVE-2016-2402 was published for com.squareup.okhttp3:okhttp (Maven) May 13, 2022
Improper Certificate Validation in Apache Commons HttpClient Moderate
CVE-2012-5783 was published for commons-httpclient:commons-httpclient (Maven) May 13, 2022
ebickle
Improper Certificate Validation in Apache CXF Moderate
CVE-2017-5653 was published for org.apache.cxf:cxf-core (Maven) May 13, 2022
sunSUNQ
OpenStack Keystone and other components vulnerable to Improper Certificate Validation Moderate
CVE-2013-2255 was published for cinder (pip) May 5, 2022
`OCSP_basic_verify` may incorrectly verify the response signing certificate Moderate
CVE-2022-1343 was published for openssl-src (Rust) May 4, 2022
pinkforest
Apache Tomcat affected by vulnerability in TLS and SSL protocol Moderate
CVE-2009-3555 was published for org.apache.tomcat:tomcat (Maven) May 2, 2022
MarkLee131 sunSUNQ
Mercurial Improper Certificate Validation vulnerability Moderate
CVE-2010-4237 was published for mercurial (pip) Apr 21, 2022
Improper Certificate Validation in node-sass affects eZ Platform Moderate
GHSA-6v6p-g8cg-2hgg was published for ezsystems/ezplatform-admin-ui (Composer) Apr 1, 2022
SSL/TLS certificate validation globally disabled by Jenkins Proxmox Plugin Moderate
CVE-2022-28142 was published for org.jenkins-ci.plugins:proxmox (Maven) Mar 30, 2022
NotMyFault
Improper Certificate Validation in OWASP ZAP Moderate
CVE-2022-27820 was published for org.zaproxy:zap (Maven) Mar 25, 2022
Improper Validation of Certificate with Host Mismatch in mellium.im/xmpp/websocket Moderate
CVE-2022-24968 was published for mellium.im/xmpp (Go) Feb 16, 2022
moparisthebest
Duplicate Advisory: TLS certificate validation error in mellium.im/xmpp Moderate
GHSA-m658-p24x-p74r was published for mellium.im/xmpp (Go) Feb 12, 2022 withdrawn
Improper Certificate Validation in node-sass Moderate
CVE-2020-24025 was published for node-sass (npm) Feb 9, 2022
tdunlap607
Improper Certificate Validation and Improper Validation of Certificate with Host Mismatch in Keycloak Moderate
CVE-2020-1758 was published for org.keycloak:keycloak-parent (Maven) Feb 9, 2022
Improper certificate management in AWS IoT Device SDK v2 Moderate
CVE-2021-40828 was published for aws-iot-device-sdk-v2 (Maven) Nov 24, 2021
Improper Certificate Validation in OPCFoundation.NetStandard.Opc.Ua.Core Moderate
CVE-2020-29457 was published for OPCFoundation.NetStandard.Opc.Ua.Core (NuGet) Nov 19, 2021
mregen
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database