GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,077
Erlang: 29
GitHub Actions: 19
Go: 1,903
Maven: 5,000+
npm: 3,632
NuGet: 638
pip: 3,249
Pub: 10
RubyGems: 864
Rust: 818
Swift: 35
Unreviewed advisories
All unreviewed: 5,000+
272 advisories
A vulnerability in the Cisco Identity Services Engine (ISE) integration feature of the Cisco DNA...
High | Unreviewed | CVE-2021-1134 was published May 24, 2022
Improper Certificate Validation vulnerability in the Online Threat Prevention module as used in...
High | Unreviewed | CVE-2020-15732 was published May 24, 2022
A vulnerability in the Cisco Advanced Malware Protection (AMP) for Endpoints integration of Cisco...
High | Unreviewed | CVE-2021-1566 was published May 24, 2022
An improper following of a certificate's chain of trust vulnerability in FortiGate versions 6.4.0...
High | Unreviewed | CVE-2021-24012 was published May 24, 2022
A vulnerability found in EdgeMAX EdgeRouter V2.0.9 and earlier could allow a malicious actor to...
High | Unreviewed | CVE-2021-22909 was published May 24, 2022
libgrss through 0.7.0 fails to perform TLS certificate verification when downloading feeds,...
High | Unreviewed | CVE-2016-20011 was published May 24, 2022
An issue was discovered in Prosody before 0.11.9. The undocumented dialback_without_dialback...
High | Unreviewed | CVE-2021-32919 was published May 24, 2022
Improper following of a certificate's chain of trust vulnerability in DAP-1880AC firmware version...
High | Unreviewed | CVE-2021-20695 was published May 24, 2022
HashiCorp Vault and Vault Enterprise Cassandra integrations (storage backend and database secrets...
High | Unreviewed | CVE-2021-27400 was published May 24, 2022
HashiCorp Vault and Vault Enterprise 1.5.1 and newer, under certain circumstances, may exclude...
High | Unreviewed | CVE-2021-29653 was published May 24, 2022
The Proofpoint Insider Threat Management Agents (formerly ObserveIT Agent) for MacOS and Linux...
High | Unreviewed | CVE-2021-27899 was published May 24, 2022
Starting with version 13.7 the Gitlab CE/EE editions were affected by a security issue related to...
High | Unreviewed | CVE-2021-22189 was published May 24, 2022
A flaw was found in stunnel before 5.57, where it improperly validates client certificates when...
High | Unreviewed | CVE-2021-20230 was published May 24, 2022
core/imap/MCIMAPSession.cpp in Canary Mail before 3.22 has Missing SSL Certificate Validation for...
High | Unreviewed | CVE-2021-26911 was published May 24, 2022
In verifyHostName of OkHostnameVerifier.java, there is a possible way to accept a certificate for...
High | Unreviewed | CVE-2021-0341 was published May 24, 2022
packages/wekan-ldap/server/ldap.js in Wekan before 4.87 can process connections even though they...
High | Unreviewed | CVE-2021-3309 was published May 24, 2022
An issue was discovered in Erlang/OTP before 23.2.2. The ssl application 10.2 accepts and trusts...
High | Unreviewed | CVE-2020-35733 was published May 24, 2022
Ptarmigan before 0.2.3 lacks API token validation, e.g., an "if (token === apiToken) {return true...
High | Unreviewed | CVE-2019-16281 was published May 24, 2022
Backblaze for Windows before 7.0.1.433 and Backblaze for macOS before 7.0.1.434 suffer from...
High | Unreviewed | CVE-2020-8289 was published May 24, 2022
curl 7.41.0 through 7.73.0 is vulnerable to an improper check for certificate revocation due to...
High | Unreviewed | CVE-2020-8286 was published May 24, 2022
Missing validation of server certificates for out-going connections in Nextcloud Social < 0.4.0...
High | Unreviewed | CVE-2020-8279 was published May 24, 2022
Go before 1.14.12 and 1.15.x before 1.15.4 allows Denial of Service.
High | Unreviewed | CVE-2020-28362 was published May 24, 2022
A vulnerability in the Pulse Secure Desktop Client < 9.1R9 could allow the attacker to perform a...
High | Unreviewed | CVE-2020-8241 was published May 24, 2022
In Network Security Services before 3.44, a malformed Netscape Certificate Sequence can cause NSS...
High | Unreviewed | CVE-2019-17007 was published May 24, 2022
VMware vCenter Server (6.7 before 6.7u3, 6.6 before 6.5u3k) contains a session hijack...
High | Unreviewed | CVE-2020-3994 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API.