GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,239
Erlang
31
GitHub Actions
21
Go
2,007
Maven
5,000+
npm
3,716
NuGet
662
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
767 advisories
Filter by severity
Improper validation of the cloud certificate chain in Mobile Client allows man-in-the-middle...
Moderate
Unreviewed
CVE-2021-23155
was published
Nov 19, 2021
Affected versions of CODESYS Git in Versions prior to V1.1.0.0 lack certificate validation in...
High
Unreviewed
CVE-2021-34599
was published
Dec 2, 2021
Missing SSL Certificate Validation issue exists in Pluck 4.7.15 in update_applet.php, which could...
Moderate
Unreviewed
CVE-2021-31747
was published
Dec 11, 2021
The IBM Spectrum Protect Plus 10.1.0.0 through 10.1.8.x server connection to an IBM Spectrum...
Moderate
Unreviewed
CVE-2020-4496
was published
Dec 14, 2021
A vulnerability has been identified in SINUMERIK Edge (All versions < V3.2). The affected...
High
Unreviewed
CVE-2021-42027
was published
Dec 15, 2021
Microsoft Defender for IoT Remote Code Execution Vulnerability This CVE ID is unique from CVE...
Critical
Unreviewed
CVE-2021-43882
was published
Dec 16, 2021
e2guardian v5.4.x <= v5.4.3r is affected by missing SSL certificate validation in the SSL MITM...
High
Unreviewed
CVE-2021-44273
was published
Dec 24, 2021
Windows Certificate Spoofing Vulnerability.
High
Unreviewed
CVE-2022-21836
was published
Jan 12, 2022
An Improper Certificate Validation weakness in the Juniper Networks Junos OS allows an attacker...
High
Unreviewed
CVE-2022-22156
was published
Jan 20, 2022
A misconfiguration exists in the MQTTS functionality of Sealevel Systems, Inc. SeaConnect 370W v1...
High
Unreviewed
CVE-2021-21959
was published
Feb 10, 2022
Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers...
High
Unreviewed
CVE-2022-20703
was published
Feb 11, 2022
A CWE-295: Improper Certificate Validation vulnerability exists that could allow a Man-in...
Moderate
Unreviewed
CVE-2022-24319
was published
Feb 11, 2022
A CWE-295: Improper Certificate Validation vulnerability exists that could allow a Man-in...
Moderate
Unreviewed
CVE-2022-24320
was published
Feb 11, 2022
In Preloader XFLASH, there is a possible escalation of privilege due to an improper certificate...
Moderate
Unreviewed
CVE-2022-20034
was published
Feb 11, 2022
Pexip Infinity Connect before 1.8.0 mishandles TLS certificate validation. The allow list is not...
Critical
Unreviewed
CVE-2021-29656
was published
Feb 19, 2022
Accepting arbitrary Subject Alternative Name (SAN) types, unless a PKI is specifically defined to...
High
Unreviewed
CVE-2021-44531
was published
Feb 25, 2022
Node.js < 12.22.9, < 14.18.3, < 16.13.2, and < 17.3.1 converts SANs (Subject Alternative Names)...
Moderate
Unreviewed
CVE-2021-44532
was published
Feb 25, 2022
In wolfSSL before 5.2.0, certificate validation may be bypassed during attempted authentication...
Moderate
Unreviewed
CVE-2022-25638
was published
Feb 25, 2022
LibreOffice supports digital signatures of ODF documents and macros within documents, presenting...
High
Unreviewed
CVE-2021-25636
was published
Feb 25, 2022
In spring cloud gateway versions prior to 3.1.1+ , applications that are configured to enable...
Moderate
Unreviewed
CVE-2022-22946
was published
Mar 5, 2022
A vulnerability has been identified in RUGGEDCOM ROS M2100 (All versions < V5.6.0), RUGGEDCOM ROS...
Moderate
Unreviewed
CVE-2021-42017
was published
Mar 9, 2022
"Vault and Vault Enterprise 1.8.0 through 1.8.8, and 1.9.3 allowed the PKI secrets engine under...
Moderate
Unreviewed
CVE-2022-25243
was published
Mar 11, 2022
Improper check for certificate revocation in i-FILTER Ver.10.45R01 and earlier, i-FILTER Ver.9...
Moderate
Unreviewed
CVE-2022-21170
was published
Mar 11, 2022
A flaw was found in Cockpit in versions prior to 260 in the way it handles the certificate...
High
Unreviewed
CVE-2021-3698
was published
Mar 11, 2022
ALPACA is an application layer protocol content confusion attack, exploiting TLS servers...
High
Unreviewed
CVE-2021-3618
was published
Mar 24, 2022
ProTip!
Advisories are also available from the
GraphQL API