GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,077
Erlang: 29
GitHub Actions: 19
Go: 1,903
Maven: 5,000+
npm: 3,632
NuGet: 638
pip: 3,249
Pub: 10
RubyGems: 864
Rust: 818
Swift: 35
Unreviewed advisories
All unreviewed: 5,000+
390 advisories
CS2 Network P2P through 3.x, as used in millions of Internet of Things devices, suffers from an...
Moderate | Unreviewed | CVE-2020-9525 was published May 24, 2022
An issue was discovered in NLnet Labs Routinator 0.1.0 through 0.7.1. It allows remote attackers...
Moderate | Unreviewed | CVE-2020-17366 was published May 24, 2022
** DISPUTED ** An issue was discovered in RIPE NCC RPKI Validator 3.x through 3.1-2020.07.06.14...
Moderate | Unreviewed | CVE-2020-16162 was published May 24, 2022
** DISPUTED ** An issue was discovered in RIPE NCC RPKI Validator 3.x before 3.1-2020.07.06.14.28...
Moderate | Unreviewed | CVE-2020-16163 was published May 24, 2022
In Go before 1.13.13 and 1.14.x before 1.14.5, Certificate.Verify may lack a check on the...
Moderate | Unreviewed | CVE-2020-14039 was published May 24, 2022
When performing add-on updates, certificate chains terminating in non-built-in-roots were...
Moderate | Unreviewed | CVE-2020-12421 was published May 24, 2022
The ThreatTrack VIPRE Password Vault app through 1.100.1090 for iOS has Missing SSL Certificate...
Moderate | Unreviewed | CVE-2020-14981 was published May 24, 2022
The Sophos Secure Email application through 3.9.4 for Android has Missing SSL Certificate...
Moderate | Unreviewed | CVE-2020-14980 was published May 24, 2022
TLS session reuse can lead to host certificate verification bypass in node version < 12.18.0 and ...
Moderate | Unreviewed | CVE-2020-8172 was published May 24, 2022
In GNOME glib-networking through 2.64.2, the implementation of GTlsClientConnection skips...
Moderate | Unreviewed | CVE-2020-13645 was published May 24, 2022
The boost ASIO wrapper in net/asio.cpp in Pichi before 1.3.0 lacks TLS hostname verification.
Moderate | Unreviewed | CVE-2020-13616 was published May 24, 2022
An issue was discovered in ssl.c in Axel before 2.17.8. The TLS implementation lacks hostname...
Moderate | Unreviewed | CVE-2020-13614 was published May 24, 2022
A missing verification of the TLS host in Nextcloud Mail 1.1.3 allowed a man in the middle attack.
Moderate | Unreviewed | CVE-2020-8156 was published May 24, 2022
A missing secure communication definition and an incomplete TLS validation in the upgrade service...
Moderate | Unreviewed | CVE-2019-19101 was published May 24, 2022
In MailStore Outlook Add-in (and Email Archive Outlook Add-in) through 12.1.2, the login process...
Moderate | Unreviewed | CVE-2020-11806 was published May 24, 2022
X.509 certificates generated by the MongoDB Enterprise Kubernetes Operator may allow an attacker...
Moderate | Unreviewed | CVE-2020-7922 was published May 24, 2022
An issue was discovered in Pulse Secure Pulse Connect Secure (PCS) through 2020-04-06. The applet...
Moderate | Unreviewed | CVE-2020-11580 was published May 24, 2022
An issue was discovered in openfortivpn 1.11.0 when used with OpenSSL 1.0.2 or later. tunnel.c...
Moderate | Unreviewed | CVE-2020-7042 was published May 24, 2022
Improper Certificate Validation in Node.js 10, 12, and 13 causes the process to abort when...
Moderate | Unreviewed | CVE-2019-15604 was published May 24, 2022
A spoofing vulnerability exists in the way Windows CryptoAPI (Crypt32.dll) validates Elliptic...
Moderate | Unreviewed | CVE-2020-0601 was published May 24, 2022
The Audible application through 2.34.0 for Android has Missing SSL Certificate Validation,...
Moderate | Unreviewed | CVE-2019-11554 was published May 24, 2022
An exploitable information leak vulnerability exists in the ustream-ssl library of OpenWrt,...
Moderate | Unreviewed | CVE-2019-5101 was published May 24, 2022
An exploitable information leak vulnerability exists in the ustream-ssl library of OpenWrt,...
Moderate | Unreviewed | CVE-2019-5102 was published May 24, 2022
Sensitive information disclosure vulnerability resulting from a lack of certificate validation...
Moderate | Unreviewed | CVE-2019-5537 was published May 24, 2022
Sensitive information disclosure vulnerability resulting from a lack of certificate validation...
Moderate | Unreviewed | CVE-2019-5538 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API.