Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

52 advisories

Loading
Improper certificate management in AWS IoT Device SDK v2 Moderate
CVE-2021-40828 was published for aws-iot-device-sdk-v2 (Maven) Nov 24, 2021
Improper certificate management in AWS IoT Device SDK v2 Moderate
CVE-2021-40830 was published for aws-iot-device-sdk-v2 (Maven) Nov 24, 2021
Improper certificate management in AWS IoT Device SDK v2 Moderate
CVE-2021-40831 was published for aws-iot-device-sdk-v2 (Maven) Nov 24, 2021
Improper certificate management in AWS IoT Device SDK v2 Moderate
CVE-2021-40829 was published for aws-iot-device-sdk-v2 (Maven) Nov 24, 2021
Improper Certificate Validation in apache HttpClient Moderate
CVE-2012-5783 was published for commons-httpclient:commons-httpclient (Maven) May 13, 2022
ebickle
Cloud Foundry vulnerable to Improper Certificate Validation Moderate
CVE-2016-5016 was published for org.cloudfoundry.identity:cloudfoundry-identity-server (Maven) May 14, 2022
sunSUNQ
Apache Tomcat affected by vulnerability in TLS and SSL protocol Moderate
CVE-2009-3555 was published for org.apache.tomcat:tomcat (Maven) May 2, 2022
MarkLee131 sunSUNQ
Improper Certificate Validation in MongoDB Moderate
CVE-2021-20328 was published for org.mongodb:mongo-java-driver (Maven) May 24, 2022
Jenkins SSH Build Agents Plugin did not verify host keys Moderate
CVE-2017-2648 was published for org.jenkins-ci.plugins:ssh-slaves (Maven) May 13, 2022
Jenkins Git client plugin 3.11.0 does not perform SSH host key verification Moderate
CVE-2022-36881 was published for org.jenkins-ci.plugins:git-client (Maven) Jul 28, 2022
NotMyFault
Improper Certificate Validation in Apache CXF Moderate
CVE-2017-5653 was published for org.apache.cxf:cxf-core (Maven) May 13, 2022
sunSUNQ
Lack of SSL/TLS certificate and hostname validation in Amazon EC2 Plugin Moderate
CVE-2020-2187 was published for org.jenkins-ci.plugins:ec2 (Maven) May 24, 2022
NotMyFault
Jenkins vSphere Plugin disables SSL/TLS certificate validation by default Moderate
CVE-2018-1000151 was published for org.jenkins-ci.plugins:vsphere-cloud (Maven) May 14, 2022
Missing hostname validation in Email Extension Plugin Moderate
CVE-2020-2253 was published for org.jenkins-ci.plugins:email-ext (Maven) May 24, 2022
NotMyFault
Improper Validation of Certificate with Host Mismatch in Jenkins Mailer Plugin Moderate
CVE-2020-2252 was published for org.jenkins-ci.plugins:mailer (Maven) May 24, 2022
westonsteimel
SSL/TLS certificate validation unconditionally disabled by Jenkins Micro Focus Application Automation Tools Plugin Moderate
CVE-2021-22511 was published for org.jenkins-ci.plugins:hp-application-automation-tools-plugin (Maven) May 24, 2022
NotMyFault
Jenkins ElectricFlow Plugin globally and unconditionally disabled SSL/TLS certificate validation Moderate
CVE-2019-10334 was published for org.jenkins-ci.plugins:electricflow (Maven) May 24, 2022
Duplicate Advisory: Keycloak vulnerable to untrusted certificate validation Moderate
GHSA-c892-cwq6-qrqf was published for org.keycloak:keycloak-core (Maven) May 26, 2023 withdrawn
Withdrawn Advisory: Netty-handler does not validate host names by default Moderate
CVE-2023-4586 was published for io.netty:netty-handler (Maven) Oct 4, 2023 withdrawn
normanmaurer
light-oauth2 missing public key verification Moderate
CVE-2023-31580 was published for com.networknt:light-oauth2 (Maven) Oct 25, 2023
Apache Bookkeeper vulnerable to Improper Certificate Validation Moderate
CVE-2022-32531 was published for org.apache.bookkeeper:bookkeeper-common (Maven) Dec 15, 2022
Jenkins SAML Single Sign On(SSO) Plugin unconditionally disables SSL/TLS certificate validation Moderate
CVE-2023-32994 was published for io.jenkins.plugins:miniorange-saml-sp (Maven) May 16, 2023
Bouncy Castle For Java LDAP injection vulnerability Moderate
CVE-2023-33201 was published for org.bouncycastle:bcprov-debug-jdk14 (Maven) Jul 5, 2023
pavelarnost
Jenkins NS-ND Integration Performance Publisher Plugin disables SSL/TLS certificate validation globally and unconditionally Moderate
CVE-2022-45391 was published for io.jenkins.plugins:cavisson-ns-nd-integration (Maven) Nov 16, 2022
NotMyFault
SSL/TLS certificate validation unconditionally disabled by Jenkins NS-ND Integration Performance Publisher Plugin Moderate
CVE-2022-38666 was published for org.jenkins-ci.main:cavisson-ns-nd-integration (Maven) Nov 16, 2022
NotMyFault
ProTip! Advisories are also available from the GraphQL API