GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,238
Erlang
31
GitHub Actions
21
Go
2,005
Maven
5,000+
npm
3,716
NuGet
661
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
767 advisories
Filter by severity
The (1) CertGetCertificateChain, (2) CertVerifyCertificateChainPolicy, and (3) WinVerifyTrust...
High
Unreviewed
CVE-2002-0862
was published
Apr 30, 2022
X509TrustManager in (1) Java Secure Socket Extension (JSSE) in SDK and JRE 1.4.0 through 1.4.0_01...
High
Unreviewed
CVE-2003-1229
was published
Apr 29, 2022
software-properties was vulnerable to a person-in-the-middle attack due to incorrect TLS...
High
Unreviewed
CVE-2012-0955
was published
Apr 23, 2022
Cisco IronPort Web Security Appliance does not check for certificate revocation which could lead...
Moderate
Unreviewed
CVE-2012-1316
was published
Apr 23, 2022
vdsm: certificate generation upon node creation allowing vdsm to start and serve requests from...
High
Unreviewed
CVE-2012-5518
was published
Apr 23, 2022
nuSOAP before 0.7.3-5 does not properly check the hostname of a cert.
High
Unreviewed
CVE-2012-6071
was published
Apr 23, 2022
Versions of Motorola Ready For and Motorola Device Help Android applications prior to 2021-04-08...
Moderate
Unreviewed
CVE-2021-3898
was published
Apr 23, 2022
Mozilla Firefox prior to 3.6 has a DoS vulnerability due to an issue in the validation of...
Moderate
Unreviewed
CVE-2011-2669
was published
Apr 22, 2022
dirmngr before 2.1.0 improperly handles certain system calls, which allows remote attackers to...
Moderate
Unreviewed
CVE-2011-2207
was published
Apr 22, 2022
A flaw in Mozilla's embedded certificate code might allow web sites to install root certificates...
Moderate
Unreviewed
CVE-2007-5967
was published
Apr 21, 2022
Certificate.Verify in crypto/x509 in Go 1.18.x before 1.18.1 can be caused to panic on macOS when...
High
Unreviewed
CVE-2022-27536
was published
Apr 21, 2022
Dell PowerScale OneFS, 8.2.x-9.3.x, contains a Improper Certificate Validation. A unauthenticated...
High
Unreviewed
CVE-2022-22549
was published
Apr 13, 2022
In ccu, there is a possible escalation of privilege due to a missing certificate validation. This...
Moderate
Unreviewed
CVE-2022-20071
was published
Apr 12, 2022
In A-GPS, there is a possible man in the middle attack due to improper certificate validation....
Moderate
Unreviewed
CVE-2022-20081
was published
Apr 12, 2022
WeeChat (aka Wee Enhanced Environment for Chat) 3.2 to 3.4 before 3.4.1 does not properly verify...
Moderate
Unreviewed
CVE-2022-28352
was published
Apr 3, 2022
The client applications in 3CX on Windows, the 3CX app for iOS, and the 3CX application for...
Critical
Unreviewed
CVE-2021-45490
was published
Mar 29, 2022
An issue has been discovered affecting GitLab versions prior to 14.4.5, between 14.5.0 and 14.5.3...
Moderate
Unreviewed
CVE-2022-0123
was published
Mar 29, 2022
ALPACA is an application layer protocol content confusion attack, exploiting TLS servers...
High
Unreviewed
CVE-2021-3618
was published
Mar 24, 2022
A flaw was found in Cockpit in versions prior to 260 in the way it handles the certificate...
High
Unreviewed
CVE-2021-3698
was published
Mar 11, 2022
Improper check for certificate revocation in i-FILTER Ver.10.45R01 and earlier, i-FILTER Ver.9...
Moderate
Unreviewed
CVE-2022-21170
was published
Mar 11, 2022
"Vault and Vault Enterprise 1.8.0 through 1.8.8, and 1.9.3 allowed the PKI secrets engine under...
Moderate
Unreviewed
CVE-2022-25243
was published
Mar 11, 2022
A vulnerability has been identified in RUGGEDCOM ROS M2100 (All versions < V5.6.0), RUGGEDCOM ROS...
Moderate
Unreviewed
CVE-2021-42017
was published
Mar 9, 2022
In spring cloud gateway versions prior to 3.1.1+ , applications that are configured to enable...
Moderate
Unreviewed
CVE-2022-22946
was published
Mar 5, 2022
LibreOffice supports digital signatures of ODF documents and macros within documents, presenting...
High
Unreviewed
CVE-2021-25636
was published
Feb 25, 2022
In wolfSSL before 5.2.0, certificate validation may be bypassed during attempted authentication...
Moderate
Unreviewed
CVE-2022-25638
was published
Feb 25, 2022
ProTip!
Advisories are also available from the
GraphQL API