GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
62 advisories

The client applications in 3CX on Windows, the 3CX app for iOS, and the 3CX application for...
Critical | Unreviewed | CVE-2021-45490 was published Mar 29, 2022

An issue was discovered in Keyfactor PrimeKey EJBCA before 7.9.0, related to possible...
Critical | Unreviewed | CVE-2022-34831 was published Sep 15, 2022

Due to Manage Engine Asset Explorer Agent 1.0.34 not validating HTTPS certificates, an attacker...
Critical | Unreviewed | CVE-2021-20110 was published May 24, 2022

In Splunk Enterprise and Universal Forwarder versions before 9.0, the Splunk command-line...
Critical | Unreviewed | CVE-2022-32156 was published Jun 16, 2022

The httplib and urllib Python libraries that Splunk shipped with Splunk Enterprise did not...
Critical | Unreviewed | CVE-2022-32151 was published Jun 16, 2022

libinfinity before 0.6.6-1 does not validate expired SSL certificates, which allows remote...
Critical | Unreviewed | CVE-2015-3886 was published May 17, 2022

An insecure configuration for certificate verification (http.verify_mode = OpenSSL::SSL:...
Critical | Unreviewed | CVE-2014-8164 was published Jul 7, 2022

botan 1.11.x before 1.11.22 improperly handles wildcard matching against hostnames, which might...
Critical | Unreviewed | CVE-2015-7826 was published May 17, 2022

A specially crafted x509 certificate can cause a single out of bounds byte overwrite in wolfSSL...
Critical | Unreviewed | CVE-2017-2800 was published May 13, 2022

Improper certificate validation vulnerability in OpenVPN client in Synology Router Manager (SRM)...
Critical | Unreviewed | CVE-2020-27649 was published May 24, 2022

Improper certificate validation vulnerability in OpenVPN client in Synology DiskStation Manager ...
Critical | Unreviewed | CVE-2020-27648 was published May 24, 2022

The Motorola MH702x devices, prior to version 2.0.0.301, do not properly verify the server...
Critical | Unreviewed | CVE-2021-3460 was published May 24, 2022

DoTls13CertificateVerify in tls13.c in wolfSSL through 4.6.0 does not cease processing for...
Critical | Unreviewed | CVE-2021-3336 was published May 24, 2022

While processing server certificate from IPSec server, certificate validation for subject...
Critical | Unreviewed | CVE-2020-11176 was published May 24, 2022

Incorrect SSL certificate validation in Nagios Fusion 4.1.8 and earlier allows for Escalation of...
Critical | Unreviewed | CVE-2020-28907 was published May 24, 2022

In BIG-IP Versions 15.1.x before 15.1.6.1, 14.1.x before 14.1.5, and all versions of 13.1.x,...
Critical | Unreviewed | CVE-2022-34865 was published Aug 5, 2022

Potentially, SAP Cloud Connector, version - 2.0 communication with the backend is accepted...
Critical | Unreviewed | CVE-2021-33695 was published May 24, 2022

The Zoom Client for Meetings for Windows in all versions before 5.3.0 fails to properly validate...
Critical | Unreviewed | CVE-2021-33907 was published May 24, 2022

The D-Link DIR-615 device before v20.12PTb04 doesn't use SSL for any of the authenticated pages....
Critical | Unreviewed | CVE-2017-7406 was published May 24, 2022

When using Ingest Actions to configure a destination that resides on Amazon Simple Storage...
Critical | Unreviewed | CVE-2022-37437 was published Aug 17, 2022

Previously, Puppet Discovery was shipped with a default generated TLS certificate in the nginx...
Critical | Unreviewed | CVE-2018-11747 was published May 13, 2022

A certificate validation issue existed in the handling of WKWebView. This issue was addressed...
Critical | Unreviewed | CVE-2022-42813 was published Nov 2, 2022

A vulnerability in the Cisco SD-WAN Solution could allow an unauthenticated, remote attacker to...
Critical | Unreviewed | CVE-2018-15387 was published May 13, 2022

A potential vulnerability has been identified in HP Remote Graphics Software’s certificate...
Critical | Unreviewed | CVE-2018-5926 was published May 13, 2022

An issue has been found in PowerDNS Recursor versions 4.1.x before 4.1.9 where records in the...
Critical | Unreviewed | CVE-2019-3807 was published May 13, 2022