GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,189
Erlang
31
GitHub Actions
19
Go
1,985
Maven
5,000+
npm
3,701
NuGet
657
pip
3,326
Pub
11
RubyGems
882
Rust
836
Swift
35
Unreviewed advisories
All unreviewed
5,000+
15 advisories
Filter by severity
splunk-sdk does not properly verify untrusted TLS server certificates
Critical
CVE-2019-5729
was published
for
splunk-sdk
(pip)
Mar 25, 2019
Improper Certificate Validation in WP-CLI framework
Critical
CVE-2021-29504
was published
for
wp-cli/wp-cli
(Composer)
May 19, 2021
Improper Certificate Validation in xmlhttprequest-ssl
Critical
CVE-2021-31597
was published
for
xmlhttprequest-ssl
(npm)
May 24, 2021
Improper Certificate Validation in Hutool
Critical
CVE-2022-22885
was published
for
cn.hutool:hutool-http
(Maven)
Feb 17, 2022
Python Swift client is vulnerable to Missing SSL Certificate Check
Critical
CVE-2013-6396
was published
for
python-swiftclient
(pip)
May 17, 2022
Helm Improper Certificate Validation
Critical
CVE-2019-1010275
was published
for
helm.sh/helm
(Go)
May 24, 2022
Keycloak Authentication Error
Critical
CVE-2019-14910
was published
for
org.keycloak:keycloak-parent
(Maven)
May 24, 2022
Scalyr Agent Missing SSL Certificate Validation
Critical
CVE-2020-24714
was published
for
scalyr-agent-2
(pip)
May 24, 2022
Scalyr Agent 2 Missing SSL Certificate Validation
Critical
CVE-2020-24715
was published
for
scalyr-agent-2
(pip)
May 24, 2022
Improper Certificate Validation in Apache Netbeans
Critical
CVE-2019-17560
was published
for
org.codehaus.mevenide:netbeans
(Maven)
May 24, 2022
Couchbase Sync Gateway admin credentials not verified when using X.509 client cert authentication
Critical
CVE-2022-32563
was published
for
couchbase
(pip)
Jun 11, 2022
fs2-io skips mTLS client verification
Critical
CVE-2022-31183
was published
for
co.fs2:fs2-io
(Maven)
Jul 29, 2022
Sydent does not verify email server certificates
Critical
CVE-2023-38686
was published
for
matrix-sydent
(pip)
Jul 31, 2023
Ylianst MeshCentral Missing SSL Certificate Validation
Critical
CVE-2023-51837
was published
for
meshcentral
(npm)
Jan 30, 2024
Improper Certificate Validation in apache airflow mongo hook
Critical
CVE-2024-25141
was published
for
apache-airflow-providers-mongo
(pip)
Feb 20, 2024
ProTip!
Advisories are also available from the
GraphQL API