Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,902
Maven
5,000+
npm
3,631
NuGet
638
pip
3,246
Pub
10
RubyGems
863
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

351 advisories

Loading
Improper Certificate Validation in Samsung Email prior to version 6.1.82.0 allows remote attacker... High Unreviewed
CVE-2023-30729 was published Sep 6, 2023
If the MongoDB Server running on Windows or macOS is configured to use TLS with a specific set of... High Unreviewed
CVE-2023-1409 was published Aug 23, 2023
In multiple locations, there are root CA certificates which need to be disabled. This could lead... High Unreviewed
CVE-2023-21265 was published Aug 14, 2023
Improper Validation of Certificate with Host Mismatch vulnerability in Hitachi Device Manager on... High Unreviewed
CVE-2023-34143 was published Jul 18, 2023
If a TLS 1.3 client gets neither a PSK (pre shared key) extension nor a KSE (key share extension)... High Unreviewed
CVE-2023-3724 was published Jul 18, 2023
Mattermost iOS app fails to properly validate the server certificate while initializing the TLS... High Unreviewed
CVE-2023-3615 was published Jul 17, 2023
cryptography mishandles SSH certificates High
CVE-2023-38325 was published for cryptography (pip) Jul 14, 2023
alanc tiran
Dell EMC Unisphere for PowerMax versions before 9.1.0.27, Dell EMC Unisphere for PowerMax Virtual... High Unreviewed
CVE-2021-21548 was published Jul 6, 2023
A CWE-295: Improper Certificate Validation vulnerability exists that could cause the CAE software... High Unreviewed
CVE-2022-32748 was published Jul 6, 2023
A misconfiguration vulnerability exists in the urvpn_client functionality of Milesight UR32L v32... High Unreviewed
CVE-2023-23546 was published Jul 6, 2023
Keycloak vulnerable to Improper Client Certificate Validation for OAuth/OpenID clients High
CVE-2023-2422 was published for org.keycloak:keycloak-services (Maven) Jun 30, 2023
artsploit
An information disclosure vulnerability in 4D SAS 4D Server Application v17, v18, v19 R7 and... High Unreviewed
CVE-2023-30222 was published Jun 16, 2023
SSL/TLS certificate validation disabled by default in Jenkins Checkmarx Plugin High
CVE-2023-35142 was published for com.checkmarx.jenkins:checkmarx (Maven) Jun 14, 2023
Cloud foundry instances having CAPI version between 1.140 and 1.152.0 along with loggregator... High Unreviewed
CVE-2023-20881 was published May 19, 2023
A certificate validation vulnerability exists in the Baiying Android application which could lead... High Unreviewed
CVE-2022-48186 was published May 1, 2023
CPAN.pm before 2.35 does not verify TLS certificates when downloading distributions over HTTPS. High Unreviewed
CVE-2023-31484 was published Apr 29, 2023
An improper certificate validation vulnerability [CWE-295] in FortiAnalyzer and FortiManager 7.2... High Unreviewed
CVE-2023-22642 was published Apr 11, 2023
A user with a compromised configuration can start an unsigned binary as a service. High Unreviewed
CVE-2023-28093 was published Apr 10, 2023
This vulnerability allows network-adjacent attackers to compromise the integrity of downloaded... High Unreviewed
CVE-2022-27644 was published Mar 29, 2023
In WorkSource, there is a possible parcel mismatch. This could lead to local escalation of... High Unreviewed
CVE-2023-20963 was published Mar 24, 2023
A security vulnerability has been identified in all supported versions of OpenSSL related to the... High Unreviewed
CVE-2023-0464 was published Mar 22, 2023
Improper Certificate Validation vulnerability in Hitachi Infrastructure Analytics Advisor on... High Unreviewed
CVE-2022-4895 was published Feb 28, 2023
An improper certificate validation vulnerability [CWE-295] in FortiOS 7.2.0 through 7.2.3, 7.0.0... High Unreviewed
CVE-2022-39948 was published Feb 16, 2023
It was discovered that the sls-logging was not verifying hostnames in TLS certificates due to a... High Unreviewed
CVE-2022-27890 was published Feb 16, 2023
In Apache::Session::Browseable before 1.3.6, validity of the X.509 certificate is not checked by... High Unreviewed
CVE-2020-36659 was published Jan 27, 2023
ProTip! Advisories are also available from the GraphQL API