Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

13 advisories

Loading
Improper Certificate Validation in WP-CLI framework Critical
CVE-2021-29504 was published for wp-cli/wp-cli (Composer) May 19, 2021
WhiteWinterWolf
Improper Certificate Validation in xmlhttprequest-ssl Critical
CVE-2021-31597 was published for xmlhttprequest-ssl (npm) May 24, 2021
Improper Certificate Validation in Hutool Critical
CVE-2022-22885 was published for cn.hutool:hutool-http (Maven) Feb 17, 2022
Helm Improper Certificate Validation Critical
CVE-2019-1010275 was published for helm.sh/helm (Go) May 24, 2022
Keycloak Authentication Error Critical
CVE-2019-14910 was published for org.keycloak:keycloak-parent (Maven) May 24, 2022
Scalyr Agent Missing SSL Certificate Validation Critical
CVE-2020-24714 was published for scalyr-agent-2 (pip) May 24, 2022
Scalyr Agent 2 Missing SSL Certificate Validation Critical
CVE-2020-24715 was published for scalyr-agent-2 (pip) May 24, 2022
Improper Certificate Validation in Apache Netbeans Critical
CVE-2019-17560 was published for org.codehaus.mevenide:netbeans (Maven) May 24, 2022
Couchbase Sync Gateway admin credentials not verified when using X.509 client cert authentication Critical
CVE-2022-32563 was published for couchbase (pip) Jun 11, 2022
fs2-io skips mTLS client verification Critical
CVE-2022-31183 was published for co.fs2:fs2-io (Maven) Jul 29, 2022
Sydent does not verify email server certificates Critical
CVE-2023-38686 was published for matrix-sydent (pip) Jul 31, 2023
Ylianst MeshCentral Missing SSL Certificate Validation Critical
CVE-2023-51837 was published for meshcentral (npm) Jan 30, 2024
Improper Certificate Validation in apache airflow mongo hook Critical
CVE-2024-25141 was published for apache-airflow-providers-mongo (pip) Feb 20, 2024
ProTip! Advisories are also available from the GraphQL API