Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,247
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

924 advisories

Loading
Cerulean Studios Trillian 3.1 Basic does not check SSL certificates during MSN authentication,... Moderate Unreviewed
CVE-2009-4831 was published May 2, 2022
libraries/libldap/tls_o.c in OpenLDAP 2.2 and 2.4, and possibly other versions, when OpenSSL is... Moderate Unreviewed
CVE-2009-3767 was published May 2, 2022
Apache Tomcat affected by vulnerability in TLS and SSL protocol Moderate
CVE-2009-3555 was published for org.apache.tomcat:tomcat (Maven) May 2, 2022
MarkLee131 sunSUNQ
Opera before 10.00 does not check all intermediate X.509 certificates for revocation, which makes... Moderate Unreviewed
CVE-2009-3046 was published May 2, 2022
Mozilla Network Security Services (NSS) before 3.12.3, Firefox before 3.0.13, Thunderbird before... Moderate Unreviewed
CVE-2009-2408 was published May 2, 2022
The LDAP client on Microsoft Windows 2000 before Update Rollup 1 for SP4 accepts certificates... Moderate Unreviewed
CVE-2005-3170 was published May 1, 2022
The (1) CertGetCertificateChain, (2) CertVerifyCertificateChainPolicy, and (3) WinVerifyTrust... High Unreviewed
CVE-2002-0862 was published Apr 30, 2022
X509TrustManager in (1) Java Secure Socket Extension (JSSE) in SDK and JRE 1.4.0 through 1.4.0_01... High Unreviewed
CVE-2003-1229 was published Apr 29, 2022
software-properties was vulnerable to a person-in-the-middle attack due to incorrect TLS... High Unreviewed
CVE-2012-0955 was published Apr 23, 2022
Cisco IronPort Web Security Appliance does not check for certificate revocation which could lead... Moderate Unreviewed
CVE-2012-1316 was published Apr 23, 2022
vdsm: certificate generation upon node creation allowing vdsm to start and serve requests from... High Unreviewed
CVE-2012-5518 was published Apr 23, 2022
nuSOAP before 0.7.3-5 does not properly check the hostname of a cert. High Unreviewed
CVE-2012-6071 was published Apr 23, 2022
Versions of Motorola Ready For and Motorola Device Help Android applications prior to 2021-04-08... Moderate Unreviewed
CVE-2021-3898 was published Apr 23, 2022
Mozilla Firefox prior to 3.6 has a DoS vulnerability due to an issue in the validation of... Moderate Unreviewed
CVE-2011-2669 was published Apr 22, 2022
dirmngr before 2.1.0 improperly handles certain system calls, which allows remote attackers to... Moderate Unreviewed
CVE-2011-2207 was published Apr 22, 2022
Mercurial Improper Certificate Validation vulnerability Moderate
CVE-2010-4237 was published for mercurial (pip) Apr 21, 2022
A flaw in Mozilla's embedded certificate code might allow web sites to install root certificates... Moderate Unreviewed
CVE-2007-5967 was published Apr 21, 2022
Certificate.Verify in crypto/x509 in Go 1.18.x before 1.18.1 can be caused to panic on macOS when... High Unreviewed
CVE-2022-27536 was published Apr 21, 2022
Dell PowerScale OneFS, 8.2.x-9.3.x, contains a Improper Certificate Validation. A unauthenticated... High Unreviewed
CVE-2022-22549 was published Apr 13, 2022
Improper Certificate Validation High
CVE-2017-11770 was published for Microsoft.NETCore.App (NuGet) Apr 12, 2022
In ccu, there is a possible escalation of privilege due to a missing certificate validation. This... Moderate Unreviewed
CVE-2022-20071 was published Apr 12, 2022
In A-GPS, there is a possible man in the middle attack due to improper certificate validation.... Moderate Unreviewed
CVE-2022-20081 was published Apr 12, 2022
WeeChat (aka Wee Enhanced Environment for Chat) 3.2 to 3.4 before 3.4.1 does not properly verify... Moderate Unreviewed
CVE-2022-28352 was published Apr 3, 2022
Improper Certificate Validation in node-sass affects eZ Platform Moderate
GHSA-6v6p-g8cg-2hgg was published for ezsystems/ezplatform-admin-ui (Composer) Apr 1, 2022
SSL/TLS certificate validation globally disabled by Jenkins Proxmox Plugin Moderate
CVE-2022-28142 was published for org.jenkins-ci.plugins:proxmox (Maven) Mar 30, 2022
NotMyFault
ProTip! Advisories are also available from the GraphQL API