GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,247
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
80 advisories
Filter by severity
Improper Authentication
High
CVE-2019-20894
was published
for
github.com/traefik/traefik/v2
(Go)
Sep 2, 2021
Certificate check bypass in openssl-src
High
CVE-2021-3450
was published
for
openssl-src
(Rust)
Aug 25, 2021
Improper Certificate Validation in openssl
High
CVE-2016-10931
was published
for
openssl
(Rust)
Aug 25, 2021
Hashicorp Consul Missing SSL Certificate Validation
High
CVE-2021-32574
was published
for
github.com/hashicorp/consul
(Go)
Jul 19, 2021
Helm uses crypto package vulnerable to panic from malformed X.509 certificate
High
CVE-2020-7919
was published
for
github.com/helm/helm
(Go)
Jun 23, 2021
Improper Certificate Validation in EM-HTTP-Request
High
CVE-2020-13482
was published
for
em-http-request
(RubyGems)
May 24, 2021
Improper certificate validation in em-imap
High
CVE-2020-13163
was published
for
em-imap
(RubyGems)
May 24, 2021
Legacy Node API Allows Impersonation in github.com/spiffe/spire/pkg/server/endpoints/node
High
CVE-2021-27098
was published
for
github.com/spiffe/spire
(Go)
May 21, 2021
Insufficient Session Expiration in Kiali
High
CVE-2020-1762
was published
for
github.com/kiali/kiali
(Go)
May 18, 2021
Improper Certificate Validation in HashiCorp Nomad
High
CVE-2020-7956
was published
for
github.com/hashicorp/nomad
(Go)
May 18, 2021
Improper Certificate Validation in oauth ruby gem
High
CVE-2016-11086
was published
for
oauth
(RubyGems)
Apr 22, 2021
Improper Certificate Validation in blackduck
High
CVE-2020-27589
was published
for
blackduck
(pip)
Apr 20, 2021
Improper Certificate Validation in phpseclib
High
CVE-2021-30130
was published
for
phpseclib/phpseclib
(Composer)
Apr 7, 2021
Missing TLS certificate verification in faye-websocket
High
CVE-2020-15133
was published
for
faye-websocket
(RubyGems)
Jul 31, 2020
Missing TLS certificate verification
High
CVE-2020-15134
was published
for
faye
(RubyGems)
Jul 31, 2020
Improper Validation of Certificate with Host Mismatch in Java-WebSocket
High
CVE-2020-11050
was published
for
org.java-websocket:Java-WebSocket
(Maven)
May 8, 2020
Improper Certificate Validation in Apache Beam
High
CVE-2020-1929
was published
for
org.apache.beam:beam-sdks-java-io-mongodb
(Maven)
May 6, 2020
Python Twisted trustRoot is not respected in HTTP client
High
CVE-2014-7143
was published
for
twisted
(pip)
Dec 17, 2019
Improper Certificate Validation in Twisted
High
CVE-2019-12855
was published
for
twisted
(pip)
Aug 16, 2019
Improper Certificate Validation in urllib3
High
CVE-2019-11324
was published
for
urllib3
(pip)
Apr 19, 2019
Moderate severity vulnerability that affects splunk-sdk
High
CVE-2019-5729
was published
for
splunk-sdk
(pip)
Mar 25, 2019
Improper Certificate Validation in chloride
High
CVE-2018-6517
was published
for
chloride
(RubyGems)
Mar 25, 2019
org.apache.hive:hive, org.apache.hive:hive-exec, and org.apache.hive:hive-service vulnerable to Improper Certificate Validation
High
CVE-2016-3083
was published
for
org.apache.hive:hive
(Maven)
Mar 14, 2019
Improper Certificate Validation in Apache Airflow
High
CVE-2018-20245
was published
for
apache-airflow
(pip)
Jan 25, 2019
Improper Input Validation in Apache Thrift
High
CVE-2018-1320
was published
for
org.apache.thrift:libthrift
(Maven)
Jan 17, 2019
ProTip!
Advisories are also available from the
GraphQL API