Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

80 advisories

Loading
HTTPie allows attackers to eavesdrop on communications between the host and server via a man-in-the-middle attack High
CVE-2023-48052 was published for httpie (pip) Nov 16, 2023
cryptography mishandles SSH certificates High
CVE-2023-38325 was published for cryptography (pip) Jul 14, 2023
alanc tiran
Improper Certificate Validation in blackduck High
CVE-2020-27589 was published for blackduck (pip) Apr 20, 2021
Apache Libcloud does not verify SSL certificates for HTTPS connections High
CVE-2010-4340 was published for apache-libcloud (pip) May 17, 2022
Filestash configured to skip TLS certificate verification when using the FTPS protocol High
CVE-2024-41255 was published for github.com/mickael-kerjean/filestash (Go) Jul 31, 2024
Improper Certificate Validation in Apache Airflow High
CVE-2018-20245 was published for apache-airflow (pip) Jan 25, 2019
sunSUNQ
Filestash skips TLS certificate verification process when sending out email verification codes High
CVE-2024-41256 was published for github.com/mickael-kerjean/filestash (Go) Jul 31, 2024
electron-updater Code Signing Bypass on Windows High
CVE-2024-39698 was published for electron-updater (npm) Jul 9, 2024
mmaietta thomas-chauchefoin-bentley-systems
eb-bsi
Beego privilege escalation vulnerability High
CVE-2024-40464 was published for github.com/beego/beego/v2 (Go) Jul 31, 2024
Incorrect TLS certificate auth method in Vault High
CVE-2024-2048 was published for github.com/hashicorp/vault (Go) Mar 4, 2024
oscerd
Helm uses crypto package vulnerable to panic from malformed X.509 certificate High
CVE-2020-7919 was published for github.com/helm/helm (Go) Jun 23, 2021
SaltStack Salt Improper SSL Certificate Validation High
CVE-2020-35662 was published for salt (pip) May 24, 2022
Salt vulnerable to Improper Certificate Validation High
CVE-2015-4017 was published for salt (pip) May 14, 2022
Yelp OSXCollector Improper Certificate Validation High
CVE-2018-10406 was published for osxcollector (pip) May 13, 2022
Serverpod client accepts any certificate High
CVE-2024-29887 was published for serverpod_client (Pub) Mar 28, 2024
Skycoder42
Improper Certificate Validation in proton-j High
CVE-2018-17187 was published for org.apache.qpid:proton-j (Maven) Nov 21, 2018
MarkLee131
Improper Input Validation in Apache Thrift High
CVE-2018-1320 was published for org.apache.thrift:libthrift (Maven) Jan 17, 2019
szymon-miezal MarkLee131
The host name verification missing in Apache Tomcat High
CVE-2018-8034 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) Oct 17, 2018
sunSUNQ
Improper Certificate Validation in Apache DolphinScheduler High
CVE-2023-49250 was published for org.apache.dolphinscheduler:dolphinscheduler (Maven) Feb 20, 2024
Improper Input Validation in XFire High
CVE-2012-5817 was published for org.codehaus.xfire:xfire-core (Maven) May 17, 2022
Improper Certificate Validation in phpseclib High
CVE-2021-30130 was published for phpseclib/phpseclib (Composer) Apr 7, 2021
Boundary vulnerable to session hijacking through TLS certificate tampering High
CVE-2024-1052 was published for github.com/hashicorp/boundary (Go) Feb 5, 2024
SSL/TLS certificate validation disabled by default in Jenkins Checkmarx Plugin High
CVE-2023-35142 was published for com.checkmarx.jenkins:checkmarx (Maven) Jun 14, 2023
Jenkins Active Directory Plugin did not verify certificate of AD server High
CVE-2017-2649 was published for org.jenkins-ci.plugins:active-directory (Maven) May 13, 2022
Jenkins Inedo ProGet Plugin globally and unconditionally disabled SSL/TLS certificate validation High
CVE-2018-1999034 was published for com.inedo.proget:inedo-proget (Maven) May 14, 2022
ProTip! Advisories are also available from the GraphQL API