GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
20
Go
2,000
Maven
5,000+
npm
3,711
NuGet
661
pip
3,383
Pub
11
RubyGems
885
Rust
849
Swift
36
Unreviewed advisories
All unreviewed
5,000+
28 advisories
Filter by severity
Improper Certificate Validation in HashiCorp Nomad
High
CVE-2020-7956
was published
for
github.com/hashicorp/nomad
(Go)
May 18, 2021
Insufficient Session Expiration in Kiali
High
CVE-2020-1762
was published
for
github.com/kiali/kiali
(Go)
May 18, 2021
Legacy Node API Allows Impersonation in github.com/spiffe/spire/pkg/server/endpoints/node
High
CVE-2021-27098
was published
for
github.com/spiffe/spire
(Go)
May 21, 2021
Helm uses crypto package vulnerable to panic from malformed X.509 certificate
High
CVE-2020-7919
was published
for
github.com/helm/helm
(Go)
Jun 23, 2021
Hashicorp Consul Missing SSL Certificate Validation
High
CVE-2021-32574
was published
for
github.com/hashicorp/consul
(Go)
Jul 19, 2021
Improper Certificate Handling
Moderate
CVE-2020-9321
was published
for
github.com/traefik/traefik
(Go)
Sep 2, 2021
Improper Authentication
High
CVE-2019-20894
was published
for
github.com/traefik/traefik/v2
(Go)
Sep 2, 2021
OctoRPKI lacks contextual out-of-bounds check when validating RPKI ROA maxLength values
High
CVE-2021-3761
was published
for
github.com/cloudflare/cfrpki
(Go)
Sep 7, 2021
Privilege escalation in Hashicorp Nomad
High
CVE-2021-37218
was published
for
github.com/hashicorp/nomad
(Go)
Sep 8, 2021
HashiCorp Consul Privilege Escalation Vulnerability
High
CVE-2021-37219
was published
for
github.com/hashicorp/consul
(Go)
Sep 8, 2021
Duplicate Advisory: TLS certificate validation error in mellium.im/xmpp
Moderate
GHSA-m658-p24x-p74r
was published
for
mellium.im/xmpp
(Go)
Feb 12, 2022
•
withdrawn
Authentication bypass by capture-replay in github.com/cosmos/ethermint
High
CVE-2021-25835
was published
for
github.com/cosmos/ethermint
(Go)
Feb 15, 2022
Skip the router TLS configuration when the host header is an FQDN
High
CVE-2022-23632
was published
for
github.com/traefik/traefik/v2
(Go)
Feb 16, 2022
Improper Validation of Certificate with Host Mismatch in mellium.im/xmpp/websocket
Moderate
CVE-2022-24968
was published
for
mellium.im/xmpp
(Go)
Feb 16, 2022
Improper Certificate Validation in Cosign
Low
CVE-2022-23649
was published
for
github.com/sigstore/cosign
(Go)
Feb 22, 2022
Hybrid Group Gobot Improper Certificate Validation vulnerability
High
CVE-2019-12496
was published
for
github.com/hybridgroup/gobot
(Go)
May 24, 2022
Helm Improper Certificate Validation
Critical
CVE-2019-1010275
was published
for
helm.sh/helm
(Go)
May 24, 2022
MongoDB Tools Improper Certificate Validation vulnerability
Moderate
CVE-2020-7924
was published
for
github.com/mongodb/mongo-tools
(Go)
May 24, 2022
Pion/DLTS Accepts Client Certificates Without CertificateVerify
Moderate
CVE-2022-29222
was published
for
github.com/pion/dtls
(Go)
May 25, 2022
Argo CD certificate verification is skipped for connections to OIDC providers
High
CVE-2022-31105
was published
for
github.com/argoproj/argo-cd
(Go)
Jul 12, 2022
Traefik routes exposed with an empty TLSOption
Moderate
CVE-2022-46153
was published
for
github.com/traefik/traefik/v2
(Go)
Dec 8, 2022
Boundary vulnerable to session hijacking through TLS certificate tampering
High
CVE-2024-1052
was published
for
github.com/hashicorp/boundary
(Go)
Feb 5, 2024
Incorrect TLS certificate auth method in Vault
High
CVE-2024-2048
was published
for
github.com/hashicorp/vault
(Go)
Mar 4, 2024
Beego privilege escalation vulnerability
High
CVE-2024-40464
was published
for
github.com/beego/beego/v2
(Go)
Jul 31, 2024
Filestash skips TLS certificate verification process when sending out email verification codes
High
CVE-2024-41256
was published
for
github.com/mickael-kerjean/filestash
(Go)
Jul 31, 2024
ProTip!
Advisories are also available from the
GraphQL API