Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,247
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

924 advisories

Loading
The Dollar Bank Mobile app 2.6.3 for iOS does not verify X.509 certificates from SSL servers,... Moderate Unreviewed
CVE-2017-5905 was published May 13, 2022
The PayQuicker app 1.0.0 for iOS does not verify X.509 certificates from SSL servers, which... Moderate Unreviewed
CVE-2017-5902 was published May 13, 2022
The "PCB Mobile" by Phelps County Bank app 3.0.2 -- aka pcb-mobile/id436891295 for iOS does not... Moderate Unreviewed
CVE-2017-9591 was published May 13, 2022
The "Community State Bank - Lamar Mobile Banking" by Community State Bank - Lamar app 3.0.3 --... Moderate Unreviewed
CVE-2017-9585 was published May 13, 2022
Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3,... Moderate Unreviewed
CVE-2013-0776 was published May 13, 2022
Prior to v 7.6, the Install Norton Security (INS) product can be susceptible to a certificate... Moderate Unreviewed
CVE-2017-15528 was published May 13, 2022
The apt package in Debian jessie before 1.0.9.8.4, in Debian unstable before 1.4~beta2, in Ubuntu... Moderate Unreviewed
CVE-2016-1252 was published May 13, 2022
A vulnerability in the Cisco SD-WAN Solution could allow an unauthenticated, remote attacker to... Critical Unreviewed
CVE-2018-15387 was published May 13, 2022
Busybox contains a Missing SSL certificate validation vulnerability in The "busybox wget" applet... High Unreviewed
CVE-2018-1000500 was published May 13, 2022
ARM mbedTLS version 2.7.0 and earlier contains a Ciphersuite Allows Incorrectly Signed... High Unreviewed
CVE-2018-1000520 was published May 13, 2022
libvirt version 2.3.0 and later is vulnerable to a bad default configuration of "verify-peer=no"... High Unreviewed
CVE-2017-1000256 was published May 13, 2022
Previously, Puppet Discovery was shipped with a default generated TLS certificate in the nginx... Critical Unreviewed
CVE-2018-11747 was published May 13, 2022
Apache Tomcat Native 1.2.0 to 1.2.16 and 1.1.23 to 1.1.34 has a flaw that does not properly check... High Unreviewed
CVE-2018-8020 was published May 13, 2022
Improper Certificate Validation in OkHttp Moderate
CVE-2016-2402 was published for com.squareup.okhttp3:okhttp (Maven) May 13, 2022
The ServerTrustManager component in the Ignite Realtime Smack XMPP API before 4.0.0-rc1 does not... Moderate Unreviewed
CVE-2014-0363 was published May 13, 2022
Sushiro App for iOS 2.1.16 and earlier and Sushiro App for Android 2.1.16.1 and earlier do not... Moderate Unreviewed
CVE-2016-4830 was published May 13, 2022
The certificate upload in NetIQ eDirectory PKI plugin before 8.8.8 Patch 10 Hotfix 1 could be... High Unreviewed
CVE-2017-7429 was published May 13, 2022
Improper Certificate Validation in apache HttpClient Moderate
CVE-2012-5783 was published for commons-httpclient:commons-httpclient (Maven) May 13, 2022
ebickle
The Radio Javan app 9.3.4 through 9.6.1 for iOS does not verify X.509 certificates from SSL... Moderate Unreviewed
CVE-2017-8938 was published May 13, 2022
MaLion for Mac 4.3.0 to 5.2.1 does not properly validate certificates, which may allow an... Moderate Unreviewed
CVE-2017-10819 was published May 13, 2022
The DOT IT Banque Zitouna app 2.1 for iOS does not verify X.509 certificates from SSL servers,... Moderate Unreviewed
CVE-2017-5914 was published May 13, 2022
Polycom VVX 500 and 601 devices 5.8.0.12848 and earlier allows man-in-the-middle attackers to... Moderate Unreviewed
CVE-2018-18568 was published May 13, 2022
Improper Certificate Validation in Apache CXF Moderate
CVE-2017-5653 was published for org.apache.cxf:cxf-core (Maven) May 13, 2022
sunSUNQ
The MoboTap Dolphin Web Browser - Fast Private Internet Search app 9.23.0 through 9.23.2 for iOS... Moderate Unreviewed
CVE-2017-8936 was published May 13, 2022
The transit path validation code in Heimdal before 7.3 might allow attackers to bypass the capath... High Unreviewed
CVE-2017-6594 was published May 13, 2022
ProTip! Advisories are also available from the GraphQL API