GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
21
Go
2,003
Maven
5,000+
npm
3,714
NuGet
661
pip
3,387
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
29 advisories
Filter by severity
Improper Validation of Certificates in apache axis
Moderate
CVE-2014-3596
was published
for
axis:axis
(Maven)
Oct 16, 2018
Moderate severity vulnerability that affects org.postgresql:pgjdbc-aggregate
Moderate
CVE-2018-10936
was published
for
org.postgresql:pgjdbc-aggregate
(Maven)
Oct 19, 2018
Improper Validation of Certificate with Host Mismatch in Java-WebSocket
High
CVE-2020-11050
was published
for
org.java-websocket:Java-WebSocket
(Maven)
May 8, 2020
Disabled Hostname Verification in Opencast
High
CVE-2020-26234
was published
for
org.opencastproject:opencast-kernel
(Maven)
Dec 8, 2020
Improper Certificate Validation and Improper Validation of Certificate with Host Mismatch in Apache Sling Commons Messaging Mail
High
CVE-2021-44549
was published
for
org.apache.sling:org.apache.sling.commons.messaging.mail
(Maven)
Dec 16, 2021
Improper Certificate Validation and Improper Validation of Certificate with Host Mismatch in Keycloak
Moderate
CVE-2020-1758
was published
for
org.keycloak:keycloak-parent
(Maven)
Feb 9, 2022
An exploitable vulnerability exists in the filtering functionality of Circle with Disney. SSL...
Moderate
Unreviewed
CVE-2017-2913
was published
May 13, 2022
An exploitable vulnerability exists in the remote control functionality of Circle with Disney...
Moderate
Unreviewed
CVE-2017-2912
was published
May 13, 2022
An exploitable vulnerability exists in the remote control functionality of Circle with Disney...
Moderate
Unreviewed
CVE-2017-2911
was published
May 13, 2022
Improper Validation of Certificate with Host Mismatch in Shibboleth Identity Provider and OpenSAML Java
Moderate
CVE-2014-3603
was published
for
edu.internet2.middleware:shibboleth-identityprovider
(Maven)
May 14, 2022
The Serf RA layer in Apache Subversion 1.4.0 through 1.7.x before 1.7.18 and 1.8.x before 1.8.10...
Moderate
Unreviewed
CVE-2014-3522
was published
May 14, 2022
Improper Validation of Certificate with Host Mismatch in Not Yet Commons SSL
Moderate
CVE-2014-3604
was published
for
ca.juliusdavies:not-yet-commons-ssl
(Maven)
May 14, 2022
PKId in Juniper Junos OS before 12.1X44-D52, 12.1X46 before 12.1X46-D37, 12.1X47 before 12.1X47...
Moderate
Unreviewed
CVE-2016-1280
was published
May 17, 2022
Interaction between the sks-keyserver code through 1.2.0 of the SKS keyserver network, and GnuPG...
High
Unreviewed
CVE-2019-13050
was published
May 24, 2022
A flaw was found in rsync in versions since 3.2.0pre1. Rsync improperly validates certificate...
High
Unreviewed
CVE-2020-14387
was published
May 24, 2022
Jenkins SmallTest Plugin missing hostname validation
Moderate
CVE-2022-41243
was published
for
com.smalltest:smalltest
(Maven)
Sep 22, 2022
Missing hostname validation in Jenkins View26 Test-Reporting Plugin
Moderate
CVE-2022-41244
was published
for
org.jenkins-ci.plugins:view26
(Maven)
Sep 22, 2022
Dell NetWorker, contains an Improper Validation of Certificate with Host Mismatch vulnerability...
Moderate
Unreviewed
CVE-2023-24568
was published
May 30, 2023
Improper Validation of Certificate with Host Mismatch vulnerability in Hitachi Device Manager on...
High
Unreviewed
CVE-2023-34143
was published
Jul 18, 2023
An improper certificate validation vulnerability [CWE-295] in FortiManager 7.0.1 and below, 6.4.6...
Moderate
Unreviewed
CVE-2022-22305
was published
Sep 1, 2023
KEPServerEX does not properly validate certificates from clients which may allow...
High
Unreviewed
CVE-2023-5909
was published
Dec 1, 2023
libcurl did not check the server certificate of TLS connections done to a host specified as an IP...
Moderate
Unreviewed
CVE-2024-2466
was published
Mar 27, 2024
ZITADEL's Improper Lockout Mechanism Leads to MFA Bypass
High
CVE-2024-32868
was published
for
github.com/zitadel/zitadel
(Go)
Apr 25, 2024
Allow attackers to intercept or falsify data exchanges between the client
and the server
Unknown
Unreviewed
CVE-2024-2462
was published
Jun 11, 2024
casdoor's use of`ssh.InsecureIgnoreHostKey()` disables host key verification
Moderate
CVE-2024-41264
was published
for
github.com/casdoor/casdoor
(Go)
Aug 1, 2024
ProTip!
Advisories are also available from the
GraphQL API