GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
21
Go
2,002
Maven
5,000+
npm
3,713
NuGet
661
pip
3,384
Pub
11
RubyGems
885
Rust
850
Swift
36
Unreviewed advisories
All unreviewed
5,000+
84 advisories
Filter by severity
Improper Certificate Validation in Apache Beam
High
CVE-2020-1929
was published
for
org.apache.beam:beam-sdks-java-io-mongodb
(Maven)
May 6, 2020
Moderate severity vulnerability that affects com.rabbitmq:amqp-client and org.springframework.amqp:spring-amqp
Moderate
CVE-2018-11087
was published
for
com.rabbitmq:amqp-client
(Maven)
Oct 18, 2018
org.apache.hive:hive, org.apache.hive:hive-exec, and org.apache.hive:hive-service vulnerable to Improper Certificate Validation
High
CVE-2016-3083
was published
for
org.apache.hive:hive
(Maven)
Mar 14, 2019
Improper Certificate Validation in OWASP ZAP
Moderate
CVE-2022-27820
was published
for
org.zaproxy:zap
(Maven)
Mar 25, 2022
Improper Certificate Validation in OkHttp
Moderate
CVE-2016-2402
was published
for
com.squareup.okhttp3:okhttp
(Maven)
May 13, 2022
Improper Certificate Validation in Shibboleth Identity Provider and OpenSAML
Moderate
CVE-2015-1796
was published
for
edu.internet2.middleware:shibboleth-identityprovider
(Maven)
May 17, 2022
Improper Certificate Validation in Jenkins
Moderate
CVE-2017-1000396
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 14, 2022
Jenkins CollabNet Plugin man in the middle vulnerability
Moderate
CVE-2018-1000605
was published
for
org.jenkins-ci.plugins:collabnet
(Maven)
May 14, 2022
Apache Pulsar Java Client vulnerable to Improper Certificate Validation
Moderate
CVE-2022-33681
was published
for
org.apache.pulsar:pulsar-client
(Maven)
Sep 25, 2022
Apache Pulsar Broker, Proxy, and WebSocket Proxy vulnerable to Improper Certificate Validation
Moderate
CVE-2022-33682
was published
for
org.apache.pulsar:pulsar-broker
(Maven)
Sep 25, 2022
nv-websocket-client allows attackers to spoof SSL/TLS servers via an arbitrary valid certificate
Moderate
CVE-2017-1000209
was published
for
com.neovisionaries:nv-websocket-client
(Maven)
May 17, 2022
Apache Pulsar Brokers and Proxies vulnerable to Improper Certificate Validation
Moderate
CVE-2022-33683
was published
for
org.apache.pulsar:pulsar-broker
(Maven)
Sep 25, 2022
Improper Certificate Validation in vt-ldap
Moderate
CVE-2014-3607
was published
for
edu.internet2.middleware:shibboleth-identityprovider
(Maven)
May 14, 2022
Improper Certificate Validation in Apache Qpid Proton
High
CVE-2019-0223
was published
for
org.apache.qpid:proton-j
(Maven)
May 24, 2022
Improper Certificate Validation in Jenkins Spira Importer Plugin
High
CVE-2019-16558
was published
for
com.inflectra.spiratest.plugins:inflectra-spira-integration
(Maven)
May 24, 2022
fs2-io skips mTLS client verification
Critical
CVE-2022-31183
was published
for
co.fs2:fs2-io
(Maven)
Jul 29, 2022
Keycloak vulnerable to Improper Certificate Validation
Moderate
CVE-2020-35509
was published
for
org.keycloak:keycloak-core
(Maven)
Aug 24, 2022
Jenkins Cadence vManager Plugin disables SSL/TLS and hostname verification
High
CVE-2019-10446
was published
for
org.jenkins-ci.plugins:vmanager-plugin
(Maven)
May 24, 2022
Improper Certificate Validation and Insufficient Verification of Data Authenticity in Keycloak
Moderate
CVE-2019-3875
was published
for
org.keycloak:keycloak-core
(Maven)
Jun 27, 2019
Improper Validation of Certificate with Host Mismatch in Java-WebSocket
High
CVE-2020-11050
was published
for
org.java-websocket:Java-WebSocket
(Maven)
May 8, 2020
Improper Certificate Validation in Liferay Portal
Moderate
CVE-2022-42131
was published
for
com.liferay.portal:release.portal.bom
(Maven)
Nov 15, 2022
Improper Certificate Validation and Improper Validation of Certificate with Host Mismatch in Keycloak
Moderate
CVE-2020-1758
was published
for
org.keycloak:keycloak-parent
(Maven)
Feb 9, 2022
Missing Authentication for Critical Function in Apache Calcite
Moderate
CVE-2020-13955
was published
for
org.apache.calcite:calcite-core
(Maven)
Apr 22, 2021
Improper Certificate Validation in Graylog
High
CVE-2020-15813
was published
for
org.graylog:graylog-parent
(Maven)
Feb 10, 2022
Improper Certificate Validation in Apache IoTDB
High
CVE-2020-1952
was published
for
org.apache.iotdb:iotdb-parent
(Maven)
Jan 6, 2022
ProTip!
Advisories are also available from the
GraphQL API