Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,344
Erlang
31
GitHub Actions
22
Go
2,112
Maven
5,000+
npm
3,767
NuGet
680
pip
3,453
Pub
12
RubyGems
892
Rust
888
Swift
38
Unreviewed advisories
All unreviewed
5,000+

85 advisories

Loading
Improper Certificate Validation in MongoDB Moderate
CVE-2021-20328 was published for org.mongodb:mongo-java-driver (Maven) May 24, 2022
Improper Certificate Validation in Apache Netbeans Critical
CVE-2019-17560 was published for org.codehaus.mevenide:netbeans (Maven) May 24, 2022
kevinsawicki/http-request Missing certificate validation Moderate
CVE-2019-1010206 was published for com.github.kevinsawicki:http-request (Maven) May 24, 2022
SSL/TLS certificate validation unconditionally disabled by Jenkins Micro Focus Application Automation Tools Plugin Moderate
CVE-2021-22511 was published for org.jenkins-ci.plugins:hp-application-automation-tools-plugin (Maven) May 24, 2022
NotMyFault
Improper Validation of Certificate with Host Mismatch in Jenkins Mailer Plugin Moderate
CVE-2020-2252 was published for org.jenkins-ci.plugins:mailer (Maven) May 24, 2022
westonsteimel
Missing hostname validation in Email Extension Plugin Moderate
CVE-2020-2253 was published for org.jenkins-ci.plugins:email-ext (Maven) May 24, 2022
NotMyFault
Lack of SSL/TLS certificate and hostname validation in Amazon EC2 Plugin Moderate
CVE-2020-2187 was published for org.jenkins-ci.plugins:ec2 (Maven) May 24, 2022
NotMyFault
SSL/TLS certificate validation globally and unconditionally disabled by Jenkins WebSphere Deployer Plugin High
CVE-2019-16561 was published for org.jenkins-ci.plugins:websphere-deployer (Maven) May 24, 2022
Improper Certificate Validation in Jenkins Spira Importer Plugin High
CVE-2019-16558 was published for com.inflectra.spiratest.plugins:inflectra-spira-integration (Maven) May 24, 2022
Keycloak Authentication Error Critical
CVE-2019-14910 was published for org.keycloak:keycloak-parent (Maven) May 24, 2022
Jenkins Bumblebee HP ALM Plugin unconditionally disabled SSL/TLS certificate validation Moderate
CVE-2019-10444 was published for org.jenkins-ci.plugins:bumblebee (Maven) May 24, 2022
Jenkins Cadence vManager Plugin disables SSL/TLS and hostname verification High
CVE-2019-10446 was published for org.jenkins-ci.plugins:vmanager-plugin (Maven) May 24, 2022
Jenkins VMware Lab Manager Slaves Plugin vulnerable to Improper Certificate Validation Moderate
CVE-2019-10382 was published for org.jenkins-ci.plugins:labmanager (Maven) May 24, 2022
Jenkins Codefresh Integration Plugin Improper Certificate Validation vulnerability Moderate
CVE-2019-10381 was published for org.jenkins-ci.plugins:codefresh (Maven) May 24, 2022
Jenkins ElectricFlow Plugin globally and unconditionally disabled SSL/TLS certificate validation Moderate
CVE-2019-10334 was published for org.jenkins-ci.plugins:electricflow (Maven) May 24, 2022
Jenkins SiteMonitor Plugin globally and unconditionally disables SSL/TLS certificate validation Moderate
CVE-2019-10317 was published for org.jvnet.hudson.plugins:sitemonitor (Maven) May 24, 2022
Jenkins Koji Plugin globally and unconditionally disables SSL/TLS certificate validation Moderate
CVE-2019-10314 was published for org.jenkins-ci.plugins:koji (Maven) May 24, 2022
Improper Certificate Validation in Apache Qpid Proton High
CVE-2019-0223 was published for org.apache.qpid:proton-j (Maven) May 24, 2022
Improper Certificate Validation in Shibboleth Identity Provider and OpenSAML Moderate
CVE-2015-1796 was published for edu.internet2.middleware:shibboleth-identityprovider (Maven) May 17, 2022
Improper Input Validation in XFire High
CVE-2012-5817 was published for org.codehaus.xfire:xfire-core (Maven) May 17, 2022
nv-websocket-client allows attackers to spoof SSL/TLS servers via an arbitrary valid certificate Moderate
CVE-2017-1000209 was published for com.neovisionaries:nv-websocket-client (Maven) May 17, 2022
Improper Certificate Validation in vt-ldap Moderate
CVE-2014-3607 was published for edu.internet2.middleware:shibboleth-identityprovider (Maven) May 14, 2022
Jenkins vSphere Plugin disables SSL/TLS certificate validation by default Moderate
CVE-2018-1000151 was published for org.jenkins-ci.plugins:vsphere-cloud (Maven) May 14, 2022
Jenkins TraceTronic ECU-TEST Plugin Man in the middle vulnerability High
CVE-2018-1999025 was published for de.tracetronic.jenkins.plugins:ecutest (Maven) May 14, 2022
Jenkins Inedo BuildMaster Plugin globally and unconditionally disabled SSL/TLS certificate validation High
CVE-2018-1999035 was published for com.inedo.buildmaster:inedo-buildmaster (Maven) May 14, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database