Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

88 advisories

Loading
Httpful is Missing Certificate Validation Moderate
GHSA-gcfg-hmwx-wq5h was published for nategood/httpful (Composer) Sep 9, 2024
casdoor's use of`ssh.InsecureIgnoreHostKey()` disables host key verification Moderate
CVE-2024-41264 was published for github.com/casdoor/casdoor (Go) Aug 1, 2024
Snowflake Connector .NET does not properly check the Certificate Revocation List (CRL) Moderate
CVE-2023-51662 was published for Snowflake.Data (NuGet) Dec 22, 2023
TimoVink
light-oauth2 missing public key verification Moderate
CVE-2023-31580 was published for com.networknt:light-oauth2 (Maven) Oct 25, 2023
Withdrawn Advisory: Netty-handler does not validate host names by default Moderate
CVE-2023-4586 was published for io.netty:netty-handler (Maven) Oct 4, 2023 withdrawn
normanmaurer
Apache Airflow missing Certificate Validation Moderate
CVE-2023-39441 was published for apache-airflow (pip) Aug 23, 2023
sunSUNQ
Bouncy Castle For Java LDAP injection vulnerability Moderate
CVE-2023-33201 was published for org.bouncycastle:bcprov-debug-jdk14 (Maven) Jul 5, 2023
pavelarnost
Keycloak Untrusted Certificate Validation vulnerability Moderate
CVE-2023-1664 was published for org.keycloak:keycloak-core (Maven) Jun 30, 2023
Duplicate Advisory: Keycloak vulnerable to untrusted certificate validation Moderate
GHSA-c892-cwq6-qrqf was published for org.keycloak:keycloak-core (Maven) May 26, 2023 withdrawn
Jenkins SAML Single Sign On(SSO) Plugin unconditionally disables SSL/TLS certificate validation Moderate
CVE-2023-32994 was published for io.jenkins.plugins:miniorange-saml-sp (Maven) May 16, 2023
in-toto: PGP trust model not (fully) considered Moderate
GHSA-jjgp-whrp-gq8m was published for in-toto (pip) May 11, 2023
Jenkins Image Tag Parameter Plugin improperly introduces option to opt out of SSL/TLS certificate validation Moderate
CVE-2023-30516 was published for org.jenkins-ci.plugins:image-tag-parameter (Maven) Apr 12, 2023
Jenkins NeuVector Vulnerability Scanner Plugin disables SSL/TLS certificate and hostname validation Moderate
CVE-2023-30517 was published for io.jenkins.plugins:neuvector-vulnerability-scanner (Maven) Apr 12, 2023
Allegro Tech BigFlow vulnerable to Missing SSL Certificate Validation Moderate
CVE-2023-25392 was published for bigflow (pip) Apr 10, 2023
Apache Bookkeeper vulnerable to Improper Certificate Validation Moderate
CVE-2022-32531 was published for org.apache.bookkeeper:bookkeeper-common (Maven) Dec 15, 2022
Traefik routes exposed with an empty TLSOption Moderate
CVE-2022-46153 was published for github.com/traefik/traefik/v2 (Go) Dec 8, 2022
Jenkins NS-ND Integration Performance Publisher Plugin disables SSL/TLS certificate validation globally and unconditionally Moderate
CVE-2022-45391 was published for io.jenkins.plugins:cavisson-ns-nd-integration (Maven) Nov 16, 2022
NotMyFault
SSL/TLS certificate validation unconditionally disabled by Jenkins NS-ND Integration Performance Publisher Plugin Moderate
CVE-2022-38666 was published for org.jenkins-ci.main:cavisson-ns-nd-integration (Maven) Nov 16, 2022
NotMyFault
Improper Certificate Validation in Liferay Portal Moderate
CVE-2022-42131 was published for com.liferay.portal:release.portal.bom (Maven) Nov 15, 2022
Apache Pulsar Brokers and Proxies vulnerable to Improper Certificate Validation Moderate
CVE-2022-33683 was published for org.apache.pulsar:pulsar-broker (Maven) Sep 25, 2022
Apache Pulsar Broker, Proxy, and WebSocket Proxy vulnerable to Improper Certificate Validation Moderate
CVE-2022-33682 was published for org.apache.pulsar:pulsar-broker (Maven) Sep 25, 2022
Apache Pulsar Java Client vulnerable to Improper Certificate Validation Moderate
CVE-2022-33681 was published for org.apache.pulsar:pulsar-client (Maven) Sep 25, 2022
Keycloak vulnerable to Improper Certificate Validation Moderate
CVE-2020-35509 was published for org.keycloak:keycloak-core (Maven) Aug 24, 2022
Jenkins Git client plugin 3.11.0 does not perform SSH host key verification Moderate
CVE-2022-36881 was published for org.jenkins-ci.plugins:git-client (Maven) Jul 28, 2022
NotMyFault
Pion/DLTS Accepts Client Certificates Without CertificateVerify Moderate
CVE-2022-29222 was published for github.com/pion/dtls (Go) May 25, 2022
ProTip! Advisories are also available from the GraphQL API