Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,238
Erlang
31
GitHub Actions
21
Go
2,005
Maven
5,000+
npm
3,716
NuGet
661
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+

960 advisories

Loading
Improper Certificate Validation in oauth ruby gem High
CVE-2016-11086 was published for oauth (RubyGems) Apr 22, 2021
Missing Authentication for Critical Function in Apache Calcite Moderate
CVE-2020-13955 was published for org.apache.calcite:calcite-core (Maven) Apr 22, 2021
Improper Certificate Validation in blackduck High
CVE-2020-27589 was published for blackduck (pip) Apr 20, 2021
Improper Certificate Validation in TweetStream Moderate
CVE-2020-24393 was published for tweetstream (RubyGems) Apr 13, 2021
Improper Certificate Validation in Puppet Moderate
CVE-2020-7942 was published for puppet (RubyGems) Apr 13, 2021
mongodb-client-encryption vulnerable to Improper Certificate Validation Moderate
CVE-2021-20327 was published for mongodb-client-encryption (npm) Apr 12, 2021
Improper Certificate Validation in phpseclib High
CVE-2021-30130 was published for phpseclib/phpseclib (Composer) Apr 7, 2021
Improper Certificate Validation in twitter-stream Moderate
CVE-2020-24392 was published for twitter-stream (RubyGems) Mar 29, 2021
Using default SSLContext for HTTPS requests in an HTTPS proxy doesn't verify certificate hostname for proxy connection Moderate
CVE-2021-28363 was published for urllib3 (pip) Mar 19, 2021
jalopezsilva pquentin
Insecure Defaults Leads to Potential MITM in ezseed-transmission Moderate
CVE-2016-1000224 was published for ezseed-transmission (npm) Sep 1, 2020
Missing TLS certificate verification in faye-websocket High
CVE-2020-15133 was published for faye-websocket (RubyGems) Jul 31, 2020
Missing TLS certificate verification High
CVE-2020-15134 was published for faye (RubyGems) Jul 31, 2020
Data leakage via cache key collision in Django High
CVE-2020-13254 was published for Django (pip) Jun 5, 2020
tdunlap607
Improper validation of certificate with host mismatch in Apache Log4j SMTP appender Low
CVE-2020-9488 was published for org.apache.logging.log4j:log4j (Maven) Jun 5, 2020
DmitriyLewen
Improper Validation of Certificate with Host Mismatch in Java-WebSocket High
CVE-2020-11050 was published for org.java-websocket:Java-WebSocket (Maven) May 8, 2020
p-
Improper Certificate Validation in Apache Beam High
CVE-2020-1929 was published for org.apache.beam:beam-sdks-java-io-mongodb (Maven) May 6, 2020
Python Twisted trustRoot is not respected in HTTP client High
CVE-2014-7143 was published for twisted (pip) Dec 17, 2019
Improper Certificate Validation in Twisted Critical
CVE-2019-12855 was published for twisted (pip) Aug 16, 2019
Improper Certificate Validation and Insufficient Verification of Data Authenticity in Keycloak Moderate
CVE-2019-3875 was published for org.keycloak:keycloak-core (Maven) Jun 27, 2019
Improper Certificate Validation in urllib3 High
CVE-2019-11324 was published for urllib3 (pip) Apr 19, 2019
tdunlap607
splunk-sdk does not properly verify untrusted TLS server certificates Critical
CVE-2019-5729 was published for splunk-sdk (pip) Mar 25, 2019
Improper Certificate Validation in chloride High
CVE-2018-6517 was published for chloride (RubyGems) Mar 25, 2019
org.apache.hive:hive, org.apache.hive:hive-exec, and org.apache.hive:hive-service vulnerable to Improper Certificate Validation High
CVE-2016-3083 was published for org.apache.hive:hive (Maven) Mar 14, 2019
SSL Validation Defaults to False in electron-packager Low
CVE-2016-10534 was published for electron-packager (npm) Feb 18, 2019
Improper Certificate Validation in Apache Airflow High
CVE-2018-20245 was published for apache-airflow (pip) Jan 25, 2019
sunSUNQ
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database