GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,238
Erlang
31
GitHub Actions
21
Go
2,005
Maven
5,000+
npm
3,716
NuGet
661
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
194 advisories
Filter by severity
Hashicorp Consul Missing SSL Certificate Validation
High
CVE-2021-32574
was published
for
github.com/hashicorp/consul
(Go)
Jul 19, 2021
Helm uses crypto package vulnerable to panic from malformed X.509 certificate
High
CVE-2020-7919
was published
for
github.com/helm/helm
(Go)
Jun 23, 2021
Improper Certificate Validation in xmlhttprequest-ssl
Critical
CVE-2021-31597
was published
for
xmlhttprequest-ssl
(npm)
May 24, 2021
Improper Certificate Validation in EM-HTTP-Request
High
CVE-2020-13482
was published
for
em-http-request
(RubyGems)
May 24, 2021
Improper certificate validation in em-imap
High
CVE-2020-13163
was published
for
em-imap
(RubyGems)
May 24, 2021
Legacy Node API Allows Impersonation in github.com/spiffe/spire/pkg/server/endpoints/node
High
CVE-2021-27098
was published
for
github.com/spiffe/spire
(Go)
May 21, 2021
Improper Certificate Validation in WP-CLI framework
Critical
CVE-2021-29504
was published
for
wp-cli/wp-cli
(Composer)
May 19, 2021
Insufficient Session Expiration in Kiali
High
CVE-2020-1762
was published
for
github.com/kiali/kiali
(Go)
May 18, 2021
Improper Certificate Validation in HashiCorp Nomad
High
CVE-2020-7956
was published
for
github.com/hashicorp/nomad
(Go)
May 18, 2021
Improper Certificate Validation in oauth ruby gem
High
CVE-2016-11086
was published
for
oauth
(RubyGems)
Apr 22, 2021
Missing Authentication for Critical Function in Apache Calcite
Moderate
CVE-2020-13955
was published
for
org.apache.calcite:calcite-core
(Maven)
Apr 22, 2021
Improper Certificate Validation in blackduck
High
CVE-2020-27589
was published
for
blackduck
(pip)
Apr 20, 2021
Improper Certificate Validation in TweetStream
Moderate
CVE-2020-24393
was published
for
tweetstream
(RubyGems)
Apr 13, 2021
Improper Certificate Validation in Puppet
Moderate
CVE-2020-7942
was published
for
puppet
(RubyGems)
Apr 13, 2021
mongodb-client-encryption vulnerable to Improper Certificate Validation
Moderate
CVE-2021-20327
was published
for
mongodb-client-encryption
(npm)
Apr 12, 2021
Improper Certificate Validation in phpseclib
High
CVE-2021-30130
was published
for
phpseclib/phpseclib
(Composer)
Apr 7, 2021
Improper Certificate Validation in twitter-stream
Moderate
CVE-2020-24392
was published
for
twitter-stream
(RubyGems)
Mar 29, 2021
Using default SSLContext for HTTPS requests in an HTTPS proxy doesn't verify certificate hostname for proxy connection
Moderate
CVE-2021-28363
was published
for
urllib3
(pip)
Mar 19, 2021
Insecure Defaults Leads to Potential MITM in ezseed-transmission
Moderate
CVE-2016-1000224
was published
for
ezseed-transmission
(npm)
Sep 1, 2020
Missing TLS certificate verification in faye-websocket
High
CVE-2020-15133
was published
for
faye-websocket
(RubyGems)
Jul 31, 2020
Missing TLS certificate verification
High
CVE-2020-15134
was published
for
faye
(RubyGems)
Jul 31, 2020
Data leakage via cache key collision in Django
High
CVE-2020-13254
was published
for
Django
(pip)
Jun 5, 2020
Improper validation of certificate with host mismatch in Apache Log4j SMTP appender
Low
CVE-2020-9488
was published
for
org.apache.logging.log4j:log4j
(Maven)
Jun 5, 2020
Improper Validation of Certificate with Host Mismatch in Java-WebSocket
High
CVE-2020-11050
was published
for
org.java-websocket:Java-WebSocket
(Maven)
May 8, 2020
Improper Certificate Validation in Apache Beam
High
CVE-2020-1929
was published
for
org.apache.beam:beam-sdks-java-io-mongodb
(Maven)
May 6, 2020
ProTip!
Advisories are also available from the
GraphQL API