Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,189
Erlang
31
GitHub Actions
19
Go
1,985
Maven
5,000+
npm
3,701
NuGet
657
pip
3,326
Pub
11
RubyGems
882
Rust
836
Swift
35
Unreviewed advisories
All unreviewed
5,000+

953 advisories

Loading
Google Chrome before 14.0.835.163 does not perform an expected pin operation for a self-signed... Moderate Unreviewed
CVE-2011-2874 was published May 13, 2022
Cisco IOS before 15.0(1)XA1 does not clear the public key cache upon a change to a certificate... Moderate Unreviewed
CVE-2010-4685 was published May 13, 2022
The Space Coast Credit Union Mobile app 2.2 for iOS and 2.1.0.1104 for Android does not verify X... Moderate Unreviewed
CVE-2017-3212 was published May 13, 2022
Akerun - Smart Lock Robot App for iOS before 1.2.4 does not verify SSL certificates. High Unreviewed
CVE-2016-1148 was published May 13, 2022
The PayQuicker app 1.0.0 for iOS does not verify X.509 certificates from SSL servers, which... Moderate Unreviewed
CVE-2017-5902 was published May 13, 2022
The Dollar Bank Mobile app 2.6.3 for iOS does not verify X.509 certificates from SSL servers,... Moderate Unreviewed
CVE-2017-5905 was published May 13, 2022
The "PCB Mobile" by Phelps County Bank app 3.0.2 -- aka pcb-mobile/id436891295 for iOS does not... Moderate Unreviewed
CVE-2017-9591 was published May 13, 2022
The "Community State Bank - Lamar Mobile Banking" by Community State Bank - Lamar app 3.0.3 --... Moderate Unreviewed
CVE-2017-9585 was published May 13, 2022
Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3,... Moderate Unreviewed
CVE-2013-0776 was published May 13, 2022
Prior to v 7.6, the Install Norton Security (INS) product can be susceptible to a certificate... Moderate Unreviewed
CVE-2017-15528 was published May 13, 2022
The apt package in Debian jessie before 1.0.9.8.4, in Debian unstable before 1.4~beta2, in Ubuntu... Moderate Unreviewed
CVE-2016-1252 was published May 13, 2022
A vulnerability in the Cisco SD-WAN Solution could allow an unauthenticated, remote attacker to... Critical Unreviewed
CVE-2018-15387 was published May 13, 2022
Busybox contains a Missing SSL certificate validation vulnerability in The "busybox wget" applet... High Unreviewed
CVE-2018-1000500 was published May 13, 2022
ARM mbedTLS version 2.7.0 and earlier contains a Ciphersuite Allows Incorrectly Signed... High Unreviewed
CVE-2018-1000520 was published May 13, 2022
libvirt version 2.3.0 and later is vulnerable to a bad default configuration of "verify-peer=no"... High Unreviewed
CVE-2017-1000256 was published May 13, 2022
Previously, Puppet Discovery was shipped with a default generated TLS certificate in the nginx... Critical Unreviewed
CVE-2018-11747 was published May 13, 2022
Apache Tomcat Native 1.2.0 to 1.2.16 and 1.1.23 to 1.1.34 has a flaw that does not properly check... High Unreviewed
CVE-2018-8020 was published May 13, 2022
Improper Certificate Validation in OkHttp Moderate
CVE-2016-2402 was published for com.squareup.okhttp3:okhttp (Maven) May 13, 2022
The ServerTrustManager component in the Ignite Realtime Smack XMPP API before 4.0.0-rc1 does not... Moderate Unreviewed
CVE-2014-0363 was published May 13, 2022
Sushiro App for iOS 2.1.16 and earlier and Sushiro App for Android 2.1.16.1 and earlier do not... Moderate Unreviewed
CVE-2016-4830 was published May 13, 2022
The certificate upload in NetIQ eDirectory PKI plugin before 8.8.8 Patch 10 Hotfix 1 could be... High Unreviewed
CVE-2017-7429 was published May 13, 2022
Improper Certificate Validation in Apache Commons HttpClient Moderate
CVE-2012-5783 was published for commons-httpclient:commons-httpclient (Maven) May 13, 2022
ebickle
The Radio Javan app 9.3.4 through 9.6.1 for iOS does not verify X.509 certificates from SSL... Moderate Unreviewed
CVE-2017-8938 was published May 13, 2022
MaLion for Mac 4.3.0 to 5.2.1 does not properly validate certificates, which may allow an... Moderate Unreviewed
CVE-2017-10819 was published May 13, 2022
The DOT IT Banque Zitouna app 2.1 for iOS does not verify X.509 certificates from SSL servers,... Moderate Unreviewed
CVE-2017-5914 was published May 13, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database