GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 20,704
Composer 4,237
Erlang 31
GitHub Actions 20
Go 2,000
Maven 5,183
npm 3,711
NuGet 661
pip 3,383
Pub 11
RubyGems 885
Rust 849
Swift 36

Unreviewed advisories

All unreviewed 235,502

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

402 advisories

Filter by severity

Sort by

Least recently updated

Improper validation of the cloud certificate chain in Mobile Client allows man-in-the-middle... Moderate Unreviewed

CVE-2021-23155 was published Nov 19, 2021

Missing SSL Certificate Validation issue exists in Pluck 4.7.15 in update_applet.php, which could... Moderate Unreviewed

CVE-2021-31747 was published Dec 11, 2021

The IBM Spectrum Protect Plus 10.1.0.0 through 10.1.8.x server connection to an IBM Spectrum... Moderate Unreviewed

CVE-2020-4496 was published Dec 14, 2021

A CWE-295: Improper Certificate Validation vulnerability exists that could allow a Man-in... Moderate Unreviewed

CVE-2022-24319 was published Feb 11, 2022

A CWE-295: Improper Certificate Validation vulnerability exists that could allow a Man-in... Moderate Unreviewed

CVE-2022-24320 was published Feb 11, 2022

In Preloader XFLASH, there is a possible escalation of privilege due to an improper certificate... Moderate Unreviewed

CVE-2022-20034 was published Feb 11, 2022

Node.js < 12.22.9, < 14.18.3, < 16.13.2, and < 17.3.1 converts SANs (Subject Alternative Names)... Moderate Unreviewed

CVE-2021-44532 was published Feb 25, 2022

In wolfSSL before 5.2.0, certificate validation may be bypassed during attempted authentication... Moderate Unreviewed

CVE-2022-25638 was published Feb 25, 2022

In spring cloud gateway versions prior to 3.1.1+ , applications that are configured to enable... Moderate Unreviewed

CVE-2022-22946 was published Mar 5, 2022

A vulnerability has been identified in RUGGEDCOM ROS M2100 (All versions < V5.6.0), RUGGEDCOM ROS... Moderate Unreviewed

CVE-2021-42017 was published Mar 9, 2022

"Vault and Vault Enterprise 1.8.0 through 1.8.8, and 1.9.3 allowed the PKI secrets engine under... Moderate Unreviewed

CVE-2022-25243 was published Mar 11, 2022

Improper check for certificate revocation in i-FILTER Ver.10.45R01 and earlier, i-FILTER Ver.9... Moderate Unreviewed

CVE-2022-21170 was published Mar 11, 2022

An issue has been discovered affecting GitLab versions prior to 14.4.5, between 14.5.0 and 14.5.3... Moderate Unreviewed

CVE-2022-0123 was published Mar 29, 2022

WeeChat (aka Wee Enhanced Environment for Chat) 3.2 to 3.4 before 3.4.1 does not properly verify... Moderate Unreviewed

CVE-2022-28352 was published Apr 3, 2022

In A-GPS, there is a possible man in the middle attack due to improper certificate validation.... Moderate Unreviewed

CVE-2022-20081 was published Apr 12, 2022

In ccu, there is a possible escalation of privilege due to a missing certificate validation. This... Moderate Unreviewed

CVE-2022-20071 was published Apr 12, 2022

A flaw in Mozilla's embedded certificate code might allow web sites to install root certificates... Moderate Unreviewed

CVE-2007-5967 was published Apr 21, 2022

dirmngr before 2.1.0 improperly handles certain system calls, which allows remote attackers to... Moderate Unreviewed

CVE-2011-2207 was published Apr 22, 2022

Mozilla Firefox prior to 3.6 has a DoS vulnerability due to an issue in the validation of... Moderate Unreviewed

CVE-2011-2669 was published Apr 22, 2022

Versions of Motorola Ready For and Motorola Device Help Android applications prior to 2021-04-08... Moderate Unreviewed

CVE-2021-3898 was published Apr 23, 2022

Cisco IronPort Web Security Appliance does not check for certificate revocation which could lead... Moderate Unreviewed

CVE-2012-1316 was published Apr 23, 2022

The LDAP client on Microsoft Windows 2000 before Update Rollup 1 for SP4 accepts certificates... Moderate Unreviewed

CVE-2005-3170 was published May 1, 2022

Mozilla Network Security Services (NSS) before 3.12.3, Firefox before 3.0.13, Thunderbird before... Moderate Unreviewed

CVE-2009-2408 was published May 2, 2022

Opera before 10.00 does not check all intermediate X.509 certificates for revocation, which makes... Moderate Unreviewed

CVE-2009-3046 was published May 2, 2022

libraries/libldap/tls_o.c in OpenLDAP 2.2 and 2.4, and possibly other versions, when OpenSSL is... Moderate Unreviewed

CVE-2009-3767 was published May 2, 2022

Previous 1 2 3 4 5 … 16 17 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

402 advisories