GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
351 advisories
Improper Certificate Validation in Samsung Email prior to version 6.1.82.0 allows remote attacker...
High | Unreviewed | CVE-2023-30729 was published Sep 6, 2023

If the MongoDB Server running on Windows or macOS is configured to use TLS with a specific set of...
High | Unreviewed | CVE-2023-1409 was published Aug 23, 2023

In multiple locations, there are root CA certificates which need to be disabled. This could lead...
High | Unreviewed | CVE-2023-21265 was published Aug 14, 2023

Improper Validation of Certificate with Host Mismatch vulnerability in Hitachi Device Manager on...
High | Unreviewed | CVE-2023-34143 was published Jul 18, 2023

If a TLS 1.3 client gets neither a PSK (pre shared key) extension nor a KSE (key share extension)...
High | Unreviewed | CVE-2023-3724 was published Jul 18, 2023

Mattermost iOS app fails to properly validate the server certificate while initializing the TLS...
High | Unreviewed | CVE-2023-3615 was published Jul 17, 2023

cryptography mishandles SSH certificates
High | CVE-2023-38325 was published for cryptography (pip) Jul 14, 2023

Dell EMC Unisphere for PowerMax versions before 9.1.0.27, Dell EMC Unisphere for PowerMax Virtual...
High | Unreviewed | CVE-2021-21548 was published Jul 6, 2023

A CWE-295: Improper Certificate Validation vulnerability exists that could cause the CAE software...
High | Unreviewed | CVE-2022-32748 was published Jul 6, 2023

A misconfiguration vulnerability exists in the urvpn_client functionality of Milesight UR32L v32...
High | Unreviewed | CVE-2023-23546 was published Jul 6, 2023

Keycloak vulnerable to Improper Client Certificate Validation for OAuth/OpenID clients
High | CVE-2023-2422 was published for org.keycloak:keycloak-services (Maven) Jun 30, 2023

An information disclosure vulnerability in 4D SAS 4D Server Application v17, v18, v19 R7 and...
High | Unreviewed | CVE-2023-30222 was published Jun 16, 2023

SSL/TLS certificate validation disabled by default in Jenkins Checkmarx Plugin
High | CVE-2023-35142 was published for com.checkmarx.jenkins:checkmarx (Maven) Jun 14, 2023

Cloud foundry instances having CAPI version between 1.140 and 1.152.0 along with loggregator...
High | Unreviewed | CVE-2023-20881 was published May 19, 2023

A certificate validation vulnerability exists in the Baiying Android application which could lead...
High | Unreviewed | CVE-2022-48186 was published May 1, 2023

CPAN.pm before 2.35 does not verify TLS certificates when downloading distributions over HTTPS.
High | Unreviewed | CVE-2023-31484 was published Apr 29, 2023

An improper certificate validation vulnerability [CWE-295] in FortiAnalyzer and FortiManager 7.2...
High | Unreviewed | CVE-2023-22642 was published Apr 11, 2023

A user with a compromised configuration can start an unsigned binary as a service.
High | Unreviewed | CVE-2023-28093 was published Apr 10, 2023

This vulnerability allows network-adjacent attackers to compromise the integrity of downloaded...
High | Unreviewed | CVE-2022-27644 was published Mar 29, 2023

In WorkSource, there is a possible parcel mismatch. This could lead to local escalation of...
High | Unreviewed | CVE-2023-20963 was published Mar 24, 2023

A security vulnerability has been identified in all supported versions of OpenSSL related to the...
High | Unreviewed | CVE-2023-0464 was published Mar 22, 2023

Improper Certificate Validation vulnerability in Hitachi Infrastructure Analytics Advisor on...
High | Unreviewed | CVE-2022-4895 was published Feb 28, 2023

An improper certificate validation vulnerability [CWE-295] in FortiOS 7.2.0 through 7.2.3, 7.0.0...
High | Unreviewed | CVE-2022-39948 was published Feb 16, 2023

It was discovered that the sls-logging was not verifying hostnames in TLS certificates due to a...
High | Unreviewed | CVE-2022-27890 was published Feb 16, 2023

In Apache::Session::Browseable before 1.3.6, validity of the X.509 certificate is not checked by...
High | Unreviewed | CVE-2020-36659 was published Jan 27, 2023
ProTip! Advisories are also available from the GraphQL API.