Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

194 advisories

Loading
Hashicorp Consul Missing SSL Certificate Validation High
CVE-2021-32574 was published for github.com/hashicorp/consul (Go) Jul 19, 2021
Helm uses crypto package vulnerable to panic from malformed X.509 certificate High
CVE-2020-7919 was published for github.com/helm/helm (Go) Jun 23, 2021
Improper Certificate Validation in xmlhttprequest-ssl Critical
CVE-2021-31597 was published for xmlhttprequest-ssl (npm) May 24, 2021
Improper Certificate Validation in EM-HTTP-Request High
CVE-2020-13482 was published for em-http-request (RubyGems) May 24, 2021
tdunlap607
Improper certificate validation in em-imap High
CVE-2020-13163 was published for em-imap (RubyGems) May 24, 2021
Legacy Node API Allows Impersonation in github.com/spiffe/spire/pkg/server/endpoints/node High
CVE-2021-27098 was published for github.com/spiffe/spire (Go) May 21, 2021
c53robin
Improper Certificate Validation in WP-CLI framework Critical
CVE-2021-29504 was published for wp-cli/wp-cli (Composer) May 19, 2021
WhiteWinterWolf
Insufficient Session Expiration in Kiali High
CVE-2020-1762 was published for github.com/kiali/kiali (Go) May 18, 2021
Improper Certificate Validation in HashiCorp Nomad High
CVE-2020-7956 was published for github.com/hashicorp/nomad (Go) May 18, 2021
Improper Certificate Validation in oauth ruby gem High
CVE-2016-11086 was published for oauth (RubyGems) Apr 22, 2021
Missing Authentication for Critical Function in Apache Calcite Moderate
CVE-2020-13955 was published for org.apache.calcite:calcite-core (Maven) Apr 22, 2021
Improper Certificate Validation in blackduck High
CVE-2020-27589 was published for blackduck (pip) Apr 20, 2021
Improper Certificate Validation in TweetStream Moderate
CVE-2020-24393 was published for tweetstream (RubyGems) Apr 13, 2021
Improper Certificate Validation in Puppet Moderate
CVE-2020-7942 was published for puppet (RubyGems) Apr 13, 2021
mongodb-client-encryption vulnerable to Improper Certificate Validation Moderate
CVE-2021-20327 was published for mongodb-client-encryption (npm) Apr 12, 2021
Improper Certificate Validation in phpseclib High
CVE-2021-30130 was published for phpseclib/phpseclib (Composer) Apr 7, 2021
Improper Certificate Validation in twitter-stream Moderate
CVE-2020-24392 was published for twitter-stream (RubyGems) Mar 29, 2021
Insecure Defaults Leads to Potential MITM in ezseed-transmission Moderate
CVE-2016-1000224 was published for ezseed-transmission (npm) Sep 1, 2020
Missing TLS certificate verification in faye-websocket High
CVE-2020-15133 was published for faye-websocket (RubyGems) Jul 31, 2020
Missing TLS certificate verification High
CVE-2020-15134 was published for faye (RubyGems) Jul 31, 2020
Data leakage via cache key collision in Django High
CVE-2020-13254 was published for Django (pip) Jun 5, 2020
tdunlap607
Improper validation of certificate with host mismatch in Apache Log4j SMTP appender Low
CVE-2020-9488 was published for org.apache.logging.log4j:log4j (Maven) Jun 5, 2020
DmitriyLewen
Improper Validation of Certificate with Host Mismatch in Java-WebSocket High
CVE-2020-11050 was published for org.java-websocket:Java-WebSocket (Maven) May 8, 2020
p-
Improper Certificate Validation in Apache Beam High
CVE-2020-1929 was published for org.apache.beam:beam-sdks-java-io-mongodb (Maven) May 6, 2020
ProTip! Advisories are also available from the GraphQL API