GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
351 advisories
Anbox Management Service, in versions 1.17.0 through 1.23.0, does not validate the TLS...
High | Unreviewed | CVE-2024-8287 was published on Sep 18, 2024
An improper certificate validation vulnerability in TLS certificate validation allows an attacker...
High | Unreviewed | CVE-2024-40714 was published on Sep 7, 2024
Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an...
High | Unreviewed | CVE-2024-41996 was published on Aug 26, 2024
A flaw was found in the Red Hat OpenStack Platform (RHOSP) director. This vulnerability allows an...
High | Unreviewed | CVE-2024-8007 was published on Aug 21, 2024
Improper certificate validation in Ivanti ITSM on-prem and Neurons for ITSM Versions 2023.4 and...
High | Unreviewed | CVE-2024-7570 was published on Aug 13, 2024
Certificate Validation user interface in LibreOffice allows potential vulnerability. Signed...
High | Unreviewed | CVE-2024-6472 was published on Aug 5, 2024
Beego privilege escalation vulnerability
High | CVE-2024-40464 was published for github.com/beego/beego/v2 (Go) on Jul 31, 2024
Filestash skips TLS certificate verification process when sending out email verification codes
High | CVE-2024-41256 was published for github.com/mickael-kerjean/filestash (Go) on Jul 31, 2024
Filestash configured to skip TLS certificate verification when using the FTPS protocol
High | CVE-2024-41255 was published for github.com/mickael-kerjean/filestash (Go) on Jul 31, 2024
The TLS certificate validation code is flawed. An attacker can obtain a TLS certificate from the...
High | Unreviewed | CVE-2024-28872 was published on Jul 11, 2024
An improper certificate validation vulnerability [CWE-295] in FortiADC 7.4.0, 7.2.0 through 7.2.3...
High | Unreviewed | CVE-2023-50178 was published on Jul 9, 2024
electron-updater Code Signing Bypass on Windows
High | CVE-2024-39698 was published for electron-updater (npm) on Jul 9, 2024
A vulnerability exists in the FOXMAN-UN/UNEM server that affects the message queueing mechanism...
High | Unreviewed | CVE-2024-28021 was published on Jun 11, 2024
IBM Security Verify Access Docker 10.0.0 through 10.0.6 could allow a local user to escalate...
High | Unreviewed | CVE-2024-35140 was published on May 31, 2024
An issue was discovered on certain Nuki Home Solutions devices. Lack of certificate validation on...
High | Unreviewed | CVE-2022-32509 was published on May 14, 2024
NETGEAR Multiple Routers curl_post Improper Certificate Validation Remote Code Execution...
High | Unreviewed | CVE-2023-35721 was published on May 3, 2024
A vulnerability classified as critical has been found in cym1102 nginxWebUI up to 3.9.9. This...
High | Unreviewed | CVE-2024-3738 was published on Apr 13, 2024
IBM Security Verify Access Appliance 10.0.0 through 10.0.7 could allow a malicious actor to...
High | Unreviewed | CVE-2024-31871 was published on Apr 10, 2024
PDF-XChange Editor Updater Improper Certificate Validation Remote Code Execution Vulnerability....
High | Unreviewed | CVE-2024-27323 was published on Apr 2, 2024
Serverpod client accepts any certificate
High | CVE-2024-29887 was published for serverpod_client (Pub) on Mar 28, 2024
Under certain configurations of --tlsCAFile and tls.CAFile, MongoDB Server may skip peer...
High | Unreviewed | CVE-2024-1351 was published on Mar 7, 2024
Incorrect TLS certificate auth method in Vault
High | CVE-2024-2048 was published for github.com/hashicorp/vault (Go) on Mar 4, 2024
Improper Certificate Validation in Apache DolphinScheduler
High | CVE-2023-49250 was published for org.apache.dolphinscheduler:dolphinscheduler (Maven) on Feb 20, 2024
In ca-certificates, there is a possible way to read encrypted TLS data due to untrusted...
High | Unreviewed | CVE-2023-40104 was published on Feb 16, 2024
Due to improper validation of certificate in SAP Cloud Connector - version 2.0, attacker can...
High | Unreviewed | CVE-2024-25642 was published on Feb 13, 2024