GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
21
Go
2,003
Maven
5,000+
npm
3,713
NuGet
661
pip
3,386
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
85 advisories
Filter by severity
Keycloak mTLS Authentication Bypass via Reverse Proxy TLS Termination
High
CVE-2024-10039
was published
for
org.keycloak:keycloak-core
(Maven)
Nov 25, 2024
Missing hostname validation in Kroxylicious
Moderate
CVE-2024-8285
was published
for
io.kroxylicious:kroxylicious-runtime
(Maven)
Aug 31, 2024
Jenkins Delphix Plugin has improper SSL/TLS certificate validation
Moderate
CVE-2024-28162
was published
for
org.jenkins-ci.plugins:delphix
(Maven)
Mar 6, 2024
Jenkins Delphix Plugin has SSL/TLS certificate validation disabled by default
Moderate
CVE-2024-28161
was published
for
org.jenkins-ci.plugins:delphix
(Maven)
Mar 6, 2024
Improper Certificate Validation in Apache DolphinScheduler
High
CVE-2023-49250
was published
for
org.apache.dolphinscheduler:dolphinscheduler
(Maven)
Feb 20, 2024
light-oauth2 missing public key verification
Moderate
CVE-2023-31580
was published
for
com.networknt:light-oauth2
(Maven)
Oct 25, 2023
Withdrawn Advisory: Netty-handler does not validate host names by default
Moderate
CVE-2023-4586
was published
for
io.netty:netty-handler
(Maven)
Oct 4, 2023
•
withdrawn
Bouncy Castle For Java LDAP injection vulnerability
Moderate
CVE-2023-33201
was published
for
org.bouncycastle:bcprov-debug-jdk14
(Maven)
Jul 5, 2023
Keycloak vulnerable to Improper Client Certificate Validation for OAuth/OpenID clients
High
CVE-2023-2422
was published
for
org.keycloak:keycloak-services
(Maven)
Jun 30, 2023
Keycloak Untrusted Certificate Validation vulnerability
Moderate
CVE-2023-1664
was published
for
org.keycloak:keycloak-core
(Maven)
Jun 30, 2023
SSL/TLS certificate validation disabled by default in Jenkins Checkmarx Plugin
High
CVE-2023-35142
was published
for
com.checkmarx.jenkins:checkmarx
(Maven)
Jun 14, 2023
Duplicate Advisory: Keycloak vulnerable to untrusted certificate validation
Moderate
GHSA-c892-cwq6-qrqf
was published
for
org.keycloak:keycloak-core
(Maven)
May 26, 2023
•
withdrawn
Jenkins SAML Single Sign On(SSO) Plugin unconditionally disables SSL/TLS certificate validation
Moderate
CVE-2023-32994
was published
for
io.jenkins.plugins:miniorange-saml-sp
(Maven)
May 16, 2023
Jenkins NeuVector Vulnerability Scanner Plugin disables SSL/TLS certificate and hostname validation
Moderate
CVE-2023-30517
was published
for
io.jenkins.plugins:neuvector-vulnerability-scanner
(Maven)
Apr 12, 2023
Jenkins Image Tag Parameter Plugin improperly introduces option to opt out of SSL/TLS certificate validation
Moderate
CVE-2023-30516
was published
for
org.jenkins-ci.plugins:image-tag-parameter
(Maven)
Apr 12, 2023
Apache Bookkeeper vulnerable to Improper Certificate Validation
Moderate
CVE-2022-32531
was published
for
org.apache.bookkeeper:bookkeeper-common
(Maven)
Dec 15, 2022
Jenkins NS-ND Integration Performance Publisher Plugin disables SSL/TLS certificate validation globally and unconditionally
Moderate
CVE-2022-45391
was published
for
io.jenkins.plugins:cavisson-ns-nd-integration
(Maven)
Nov 16, 2022
SSL/TLS certificate validation unconditionally disabled by Jenkins NS-ND Integration Performance Publisher Plugin
Moderate
CVE-2022-38666
was published
for
org.jenkins-ci.main:cavisson-ns-nd-integration
(Maven)
Nov 16, 2022
Improper Certificate Validation in Liferay Portal
Moderate
CVE-2022-42131
was published
for
com.liferay.portal:release.portal.bom
(Maven)
Nov 15, 2022
Apache Pulsar Broker, Proxy, and WebSocket Proxy vulnerable to Improper Certificate Validation
Moderate
CVE-2022-33682
was published
for
org.apache.pulsar:pulsar-broker
(Maven)
Sep 25, 2022
Apache Pulsar Java Client vulnerable to Improper Certificate Validation
Moderate
CVE-2022-33681
was published
for
org.apache.pulsar:pulsar-client
(Maven)
Sep 25, 2022
Apache Pulsar Brokers and Proxies vulnerable to Improper Certificate Validation
Moderate
CVE-2022-33683
was published
for
org.apache.pulsar:pulsar-broker
(Maven)
Sep 25, 2022
Keycloak vulnerable to Improper Certificate Validation
Moderate
CVE-2020-35509
was published
for
org.keycloak:keycloak-core
(Maven)
Aug 24, 2022
fs2-io skips mTLS client verification
Critical
CVE-2022-31183
was published
for
co.fs2:fs2-io
(Maven)
Jul 29, 2022
Jenkins Git client plugin 3.11.0 does not perform SSH host key verification
Moderate
CVE-2022-36881
was published
for
org.jenkins-ci.plugins:git-client
(Maven)
Jul 28, 2022
ProTip!
Advisories are also available from the
GraphQL API