GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
20
Go
2,000
Maven
5,000+
npm
3,711
NuGet
661
pip
3,383
Pub
11
RubyGems
885
Rust
849
Swift
36
Unreviewed advisories
All unreviewed
5,000+
85 advisories
Filter by severity
net-ldap Improper Certificate Validation vulnerability
Moderate
CVE-2017-17718
was published
for
net-ldap
(RubyGems)
Jan 6, 2018
Moderate severity vulnerability that affects OPCFoundation.NetStandard.Opc.Ua
Moderate
CVE-2018-12087
was published
for
OPCFoundation.NetStandard.Opc.Ua
(NuGet)
Oct 16, 2018
Moderate severity vulnerability that affects Microsoft.AspNetCore.Mvc and Microsoft.AspNetCore.Mvc.Core
Moderate
CVE-2017-0248
was published
for
Microsoft.AspNetCore.Mvc
(NuGet)
Oct 16, 2018
Moderate severity vulnerability that affects com.rabbitmq:amqp-client and org.springframework.amqp:spring-amqp
Moderate
CVE-2018-11087
was published
for
com.rabbitmq:amqp-client
(Maven)
Oct 18, 2018
Improper Certificate Validation and Insufficient Verification of Data Authenticity in Keycloak
Moderate
CVE-2019-3875
was published
for
org.keycloak:keycloak-core
(Maven)
Jun 27, 2019
Insecure Defaults Leads to Potential MITM in ezseed-transmission
Moderate
CVE-2016-1000224
was published
for
ezseed-transmission
(npm)
Sep 1, 2020
Using default SSLContext for HTTPS requests in an HTTPS proxy doesn't verify certificate hostname for proxy connection
Moderate
CVE-2021-28363
was published
for
urllib3
(pip)
Mar 19, 2021
Improper Certificate Validation in twitter-stream
Moderate
CVE-2020-24392
was published
for
twitter-stream
(RubyGems)
Mar 29, 2021
mongodb-client-encryption vulnerable to Improper Certificate Validation
Moderate
CVE-2021-20327
was published
for
mongodb-client-encryption
(npm)
Apr 12, 2021
Improper Certificate Validation in Puppet
Moderate
CVE-2020-7942
was published
for
puppet
(RubyGems)
Apr 13, 2021
Improper Certificate Validation in TweetStream
Moderate
CVE-2020-24393
was published
for
tweetstream
(RubyGems)
Apr 13, 2021
Missing Authentication for Critical Function in Apache Calcite
Moderate
CVE-2020-13955
was published
for
org.apache.calcite:calcite-core
(Maven)
Apr 22, 2021
Improper Certificate Validation in security-framework
Moderate
CVE-2017-18588
was published
for
security-framework
(Rust)
Aug 25, 2021
Improper Certificate Handling
Moderate
CVE-2020-9321
was published
for
github.com/traefik/traefik
(Go)
Sep 2, 2021
Improper Certificate Validation in Heartland & Global Payments PHP SDK
Moderate
CVE-2019-20455
was published
for
globalpayments/php-sdk
(Composer)
Oct 12, 2021
Improper Certificate Validation in OPCFoundation.NetStandard.Opc.Ua.Core
Moderate
CVE-2020-29457
was published
for
OPCFoundation.NetStandard.Opc.Ua.Core
(NuGet)
Nov 19, 2021
Improper certificate management in AWS IoT Device SDK v2
Moderate
CVE-2021-40828
was published
for
aws-iot-device-sdk-v2
(Maven)
Nov 24, 2021
Improper Certificate Validation and Improper Validation of Certificate with Host Mismatch in Keycloak
Moderate
CVE-2020-1758
was published
for
org.keycloak:keycloak-parent
(Maven)
Feb 9, 2022
Improper Certificate Validation in node-sass
Moderate
CVE-2020-24025
was published
for
node-sass
(npm)
Feb 9, 2022
Duplicate Advisory: TLS certificate validation error in mellium.im/xmpp
Moderate
GHSA-m658-p24x-p74r
was published
for
mellium.im/xmpp
(Go)
Feb 12, 2022
•
withdrawn
Improper Validation of Certificate with Host Mismatch in mellium.im/xmpp/websocket
Moderate
CVE-2022-24968
was published
for
mellium.im/xmpp
(Go)
Feb 16, 2022
Improper Certificate Validation in OWASP ZAP
Moderate
CVE-2022-27820
was published
for
org.zaproxy:zap
(Maven)
Mar 25, 2022
SSL/TLS certificate validation globally disabled by Jenkins Proxmox Plugin
Moderate
CVE-2022-28142
was published
for
org.jenkins-ci.plugins:proxmox
(Maven)
Mar 30, 2022
Improper Certificate Validation in node-sass affects eZ Platform
Moderate
GHSA-6v6p-g8cg-2hgg
was published
for
ezsystems/ezplatform-admin-ui
(Composer)
Apr 1, 2022
Mercurial Improper Certificate Validation vulnerability
Moderate
CVE-2010-4237
was published
for
mercurial
(pip)
Apr 21, 2022
ProTip!
Advisories are also available from the
GraphQL API