GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,239
Erlang
31
GitHub Actions
21
Go
2,007
Maven
5,000+
npm
3,716
NuGet
662
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
13 advisories
Filter by severity
Moderate severity vulnerability that affects org.postgresql:pgjdbc-aggregate
Moderate
CVE-2018-10936
was published
for
org.postgresql:pgjdbc-aggregate
(Maven)
Oct 19, 2018
Disabled Hostname Verification in Opencast
High
CVE-2020-26234
was published
for
org.opencastproject:opencast-kernel
(Maven)
Dec 8, 2020
Improper Validation of Certificate with Host Mismatch in Shibboleth Identity Provider and OpenSAML Java
Moderate
CVE-2014-3603
was published
for
edu.internet2.middleware:shibboleth-identityprovider
(Maven)
May 14, 2022
Improper Validation of Certificate with Host Mismatch in Not Yet Commons SSL
Moderate
CVE-2014-3604
was published
for
ca.juliusdavies:not-yet-commons-ssl
(Maven)
May 14, 2022
Jenkins SmallTest Plugin missing hostname validation
Moderate
CVE-2022-41243
was published
for
com.smalltest:smalltest
(Maven)
Sep 22, 2022
Missing hostname validation in Jenkins View26 Test-Reporting Plugin
Moderate
CVE-2022-41244
was published
for
org.jenkins-ci.plugins:view26
(Maven)
Sep 22, 2022
Improper Validation of Certificate with Host Mismatch in Java-WebSocket
High
CVE-2020-11050
was published
for
org.java-websocket:Java-WebSocket
(Maven)
May 8, 2020
Improper Certificate Validation and Improper Validation of Certificate with Host Mismatch in Keycloak
Moderate
CVE-2020-1758
was published
for
org.keycloak:keycloak-parent
(Maven)
Feb 9, 2022
Improper Certificate Validation and Improper Validation of Certificate with Host Mismatch in Apache Sling Commons Messaging Mail
High
CVE-2021-44549
was published
for
org.apache.sling:org.apache.sling.commons.messaging.mail
(Maven)
Dec 16, 2021
Improper Validation of Certificates in apache axis
Moderate
CVE-2014-3596
was published
for
axis:axis
(Maven)
Oct 16, 2018
casdoor's use of`ssh.InsecureIgnoreHostKey()` disables host key verification
Moderate
CVE-2024-41264
was published
for
github.com/casdoor/casdoor
(Go)
Aug 1, 2024
Missing hostname validation in Kroxylicious
Moderate
CVE-2024-8285
was published
for
io.kroxylicious:kroxylicious-runtime
(Maven)
Aug 31, 2024
ZITADEL's Improper Lockout Mechanism Leads to MFA Bypass
High
CVE-2024-32868
was published
for
github.com/zitadel/zitadel
(Go)
Apr 25, 2024
ProTip!
Advisories are also available from the
GraphQL API