GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,247
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
186 advisories
Filter by severity
Jenkins Koji Plugin globally and unconditionally disables SSL/TLS certificate validation
Moderate
CVE-2019-10314
was published
for
org.jenkins-ci.plugins:koji
(Maven)
May 24, 2022
Jenkins SiteMonitor Plugin globally and unconditionally disables SSL/TLS certificate validation
Moderate
CVE-2019-10317
was published
for
org.jvnet.hudson.plugins:sitemonitor
(Maven)
May 24, 2022
Improper Certificate Validation in Apache Qpid Proton
High
CVE-2019-0223
was published
for
org.apache.qpid:proton-j
(Maven)
May 24, 2022
ovirt-engine-sdk-python improper validation of hostname in x.509 certificate
Moderate
CVE-2014-0161
was published
for
ovirt-engine-sdk-python
(pip)
May 17, 2022
Apache Libcloud does not verify SSL certificates for HTTPS connections
High
CVE-2010-4340
was published
for
apache-libcloud
(pip)
May 17, 2022
Apache Libcloud vulnerable to certificate impersonation
Moderate
CVE-2012-3446
was published
for
apache-libcloud
(pip)
May 17, 2022
OpenStack keystonemiddleware does not verify certificate
Moderate
CVE-2014-7144
was published
for
keystonemiddleware
(pip)
May 17, 2022
Improper Certificate Validation in Shibboleth Identity Provider and OpenSAML
Moderate
CVE-2015-1796
was published
for
edu.internet2.middleware:shibboleth-identityprovider
(Maven)
May 17, 2022
Urllib3 Incorrect Certificate Validation
Low
CVE-2016-9015
was published
for
urllib3
(pip)
May 17, 2022
Restkit Does Not Validate TLS certificates
Moderate
CVE-2015-2674
was published
for
restkit
(pip)
May 17, 2022
Improper Input Validation in XFire
High
CVE-2012-5817
was published
for
org.codehaus.xfire:xfire-core
(Maven)
May 17, 2022
nv-websocket-client allows attackers to spoof SSL/TLS servers via an arbitrary valid certificate
Moderate
CVE-2017-1000209
was published
for
com.neovisionaries:nv-websocket-client
(Maven)
May 17, 2022
Improper Certificate Validation in vt-ldap
Moderate
CVE-2014-3607
was published
for
edu.internet2.middleware:shibboleth-identityprovider
(Maven)
May 14, 2022
Jenkins vSphere Plugin disables SSL/TLS certificate validation by default
Moderate
CVE-2018-1000151
was published
for
org.jenkins-ci.plugins:vsphere-cloud
(Maven)
May 14, 2022
Salt vulnerable to Improper Certificate Validation
High
CVE-2015-4017
was published
for
salt
(pip)
May 14, 2022
Improper Certificate Validation in Microsoft .NET Framework components
Moderate
CVE-2018-8356
was published
for
System.Private.ServiceModel
(NuGet)
May 14, 2022
Jenkins TraceTronic ECU-TEST Plugin Man in the middle vulnerability
High
CVE-2018-1999025
was published
for
de.tracetronic.jenkins.plugins:ecutest
(Maven)
May 14, 2022
Jenkins Inedo BuildMaster Plugin globally and unconditionally disabled SSL/TLS certificate validation
High
CVE-2018-1999035
was published
for
com.inedo.buildmaster:inedo-buildmaster
(Maven)
May 14, 2022
Jenkins Inedo ProGet Plugin globally and unconditionally disabled SSL/TLS certificate validation
High
CVE-2018-1999034
was published
for
com.inedo.proget:inedo-proget
(Maven)
May 14, 2022
Jenkins CollabNet Plugin man in the middle vulnerability
Moderate
CVE-2018-1000605
was published
for
org.jenkins-ci.plugins:collabnet
(Maven)
May 14, 2022
Cloud Foundry vulnerable to Improper Certificate Validation
Moderate
CVE-2016-5016
was published
for
org.cloudfoundry.identity:cloudfoundry-identity-server
(Maven)
May 14, 2022
Improper Certificate Validation in Jenkins
Moderate
CVE-2017-1000396
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 14, 2022
Yelp OSXCollector Improper Certificate Validation
High
CVE-2018-10406
was published
for
osxcollector
(pip)
May 13, 2022
Jenkins Active Directory Plugin did not verify certificate of AD server
High
CVE-2017-2649
was published
for
org.jenkins-ci.plugins:active-directory
(Maven)
May 13, 2022
Jenkins SSH Build Agents Plugin did not verify host keys
Moderate
CVE-2017-2648
was published
for
org.jenkins-ci.plugins:ssh-slaves
(Maven)
May 13, 2022
ProTip!
Advisories are also available from the
GraphQL API