GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories (All reviewed: 5,000+)
Composer: 4,077 | Erlang: 29 | GitHub Actions: 19 | Go: 1,903 | Maven: 5,000+ | npm: 3,632 | NuGet: 638 | pip: 3,247 | Pub: 10 | RubyGems: 864 | Rust: 818 | Swift: 35

Unreviewed advisories (All unreviewed: 5,000+)
924 advisories
The Dollar Bank Mobile app 2.6.3 for iOS does not verify X.509 certificates from SSL servers,...
Moderate | Unreviewed | CVE-2017-5905 was published May 13, 2022

The PayQuicker app 1.0.0 for iOS does not verify X.509 certificates from SSL servers, which...
Moderate | Unreviewed | CVE-2017-5902 was published May 13, 2022

The "PCB Mobile" by Phelps County Bank app 3.0.2 -- aka pcb-mobile/id436891295 for iOS does not...
Moderate | Unreviewed | CVE-2017-9591 was published May 13, 2022

The "Community State Bank - Lamar Mobile Banking" by Community State Bank - Lamar app 3.0.3 --...
Moderate | Unreviewed | CVE-2017-9585 was published May 13, 2022

Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3,...
Moderate | Unreviewed | CVE-2013-0776 was published May 13, 2022

Prior to v 7.6, the Install Norton Security (INS) product can be susceptible to a certificate...
Moderate | Unreviewed | CVE-2017-15528 was published May 13, 2022

The apt package in Debian jessie before 1.0.9.8.4, in Debian unstable before 1.4~beta2, in Ubuntu...
Moderate | Unreviewed | CVE-2016-1252 was published May 13, 2022

A vulnerability in the Cisco SD-WAN Solution could allow an unauthenticated, remote attacker to...
Critical | Unreviewed | CVE-2018-15387 was published May 13, 2022

Busybox contains a Missing SSL certificate validation vulnerability in The "busybox wget" applet...
High | Unreviewed | CVE-2018-1000500 was published May 13, 2022

ARM mbedTLS version 2.7.0 and earlier contains a Ciphersuite Allows Incorrectly Signed...
High | Unreviewed | CVE-2018-1000520 was published May 13, 2022

libvirt version 2.3.0 and later is vulnerable to a bad default configuration of "verify-peer=no"...
High | Unreviewed | CVE-2017-1000256 was published May 13, 2022

Previously, Puppet Discovery was shipped with a default generated TLS certificate in the nginx...
Critical | Unreviewed | CVE-2018-11747 was published May 13, 2022

Apache Tomcat Native 1.2.0 to 1.2.16 and 1.1.23 to 1.1.34 has a flaw that does not properly check...
High | Unreviewed | CVE-2018-8020 was published May 13, 2022

Improper Certificate Validation in OkHttp
Moderate | CVE-2016-2402 was published for com.squareup.okhttp3:okhttp (Maven) May 13, 2022

The ServerTrustManager component in the Ignite Realtime Smack XMPP API before 4.0.0-rc1 does not...
Moderate | Unreviewed | CVE-2014-0363 was published May 13, 2022

Sushiro App for iOS 2.1.16 and earlier and Sushiro App for Android 2.1.16.1 and earlier do not...
Moderate | Unreviewed | CVE-2016-4830 was published May 13, 2022

The certificate upload in NetIQ eDirectory PKI plugin before 8.8.8 Patch 10 Hotfix 1 could be...
High | Unreviewed | CVE-2017-7429 was published May 13, 2022

Improper Certificate Validation in apache HttpClient
Moderate | CVE-2012-5783 was published for commons-httpclient:commons-httpclient (Maven) May 13, 2022

The Radio Javan app 9.3.4 through 9.6.1 for iOS does not verify X.509 certificates from SSL...
Moderate | Unreviewed | CVE-2017-8938 was published May 13, 2022

MaLion for Mac 4.3.0 to 5.2.1 does not properly validate certificates, which may allow an...
Moderate | Unreviewed | CVE-2017-10819 was published May 13, 2022

The DOT IT Banque Zitouna app 2.1 for iOS does not verify X.509 certificates from SSL servers,...
Moderate | Unreviewed | CVE-2017-5914 was published May 13, 2022

Polycom VVX 500 and 601 devices 5.8.0.12848 and earlier allows man-in-the-middle attackers to...
Moderate | Unreviewed | CVE-2018-18568 was published May 13, 2022

Improper Certificate Validation in Apache CXF
Moderate | CVE-2017-5653 was published for org.apache.cxf:cxf-core (Maven) May 13, 2022

The MoboTap Dolphin Web Browser - Fast Private Internet Search app 9.23.0 through 9.23.2 for iOS...
Moderate | Unreviewed | CVE-2017-8936 was published May 13, 2022

The transit path validation code in Heimdal before 7.3 might allow attackers to bypass the capath...
High | Unreviewed | CVE-2017-6594 was published May 13, 2022

ProTip! Advisories are also available from the GraphQL API.