Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,344
Erlang
31
GitHub Actions
22
Go
2,112
Maven
5,000+
npm
3,767
NuGet
680
pip
3,453
Pub
12
RubyGems
892
Rust
888
Swift
38
Unreviewed advisories
All unreviewed
5,000+

84 advisories

Loading
An issue was discovered in openfortivpn 1.11.0 when used with OpenSSL before 1.0.2. tunnel.c... Critical Unreviewed
CVE-2020-7043 was published May 24, 2022
Keycloak Authentication Error Critical
CVE-2019-14910 was published for org.keycloak:keycloak-parent (Maven) May 24, 2022
European Commission eIDAS-Node Integration Package before 2.3.1 has Missing Certificate... Critical Unreviewed
CVE-2019-18633 was published May 24, 2022
European Commission eIDAS-Node Integration Package before 2.3.1 allows Certificate Faking because... Critical Unreviewed
CVE-2019-18632 was published May 24, 2022
systemd 239 through 243 accepts any certificate signed by a trusted certificate authority for DNS... Critical Unreviewed
CVE-2018-21029 was published May 24, 2022
The TLS stack in Mono before 3.12.1 allows remote attackers to have unspecified impact via... Critical Unreviewed
CVE-2015-2320 was published May 24, 2022
Helm Improper Certificate Validation Critical
CVE-2019-1010275 was published for helm.sh/helm (Go) May 24, 2022
The ASUS HiVivo aspplication before 5.6.27 for ASUS Watch has Missing SSL Certificate Validation. Critical Unreviewed
CVE-2017-17945 was published May 24, 2022
The ASUS Vivobaby application before 1.1.09 for Android has Missing SSL Certificate Validation. Critical Unreviewed
CVE-2017-17944 was published May 24, 2022
Python Swift client is vulnerable to Missing SSL Certificate Check Critical
CVE-2013-6396 was published for python-swiftclient (pip) May 17, 2022
botan 1.11.x before 1.11.22 improperly handles wildcard matching against hostnames, which might... Critical Unreviewed
CVE-2015-7826 was published May 17, 2022
libinfinity before 0.6.6-1 does not validate expired SSL certificates, which allows remote... Critical Unreviewed
CVE-2015-3886 was published May 17, 2022
Botan 2.2.0 - 2.4.0 (fixed in 2.5.0) improperly handled wildcard certificates and could accept... Critical Unreviewed
CVE-2018-9127 was published May 14, 2022
Adobe Creative Cloud Desktop Application versions 4.4.1.298 and earlier have an exploitable... Critical Unreviewed
CVE-2018-4991 was published May 14, 2022
Adobe Creative Cloud Desktop Application before 4.6.1 has an improper certificate validation... Critical Unreviewed
CVE-2018-12829 was published May 14, 2022
Pidgin version <2.11.0 contains a vulnerability in X.509 Certificates imports specifically due to... Critical Unreviewed
CVE-2016-1000030 was published May 14, 2022
On BIG-IP 14.1.0-14.1.0.1, TMM may restart and produce a core file when validating SSL... Critical Unreviewed
CVE-2019-6592 was published May 14, 2022
Cordaware bestinformed Microsoft Windows client before 6.2.1.0 is affected by insecure SSL... Critical Unreviewed
CVE-2019-6266 was published May 14, 2022
Heimdal Thor Agent 2.5.17x before 2.5.173 does not verify X.509 certificates from TLS servers,... Critical Unreviewed
CVE-2019-8351 was published May 14, 2022
Huawei AR120-S V200R005C32, V200R006C10, V200R007C00, V200R008C20, AR1200 V200R005C20,... Critical Unreviewed
CVE-2017-17301 was published May 13, 2022
Pivotal Application Service (PAS), versions 2.2.x prior to 2.2.12, 2.3.x prior to 2.3.7 and 2.4.x... Critical Unreviewed
CVE-2019-3777 was published May 13, 2022
An issue has been found in PowerDNS Recursor versions 4.1.x before 4.1.9 where records in the... Critical Unreviewed
CVE-2019-3807 was published May 13, 2022
A potential vulnerability has been identified in HP Remote Graphics Software’s certificate... Critical Unreviewed
CVE-2018-5926 was published May 13, 2022
A vulnerability in the Cisco SD-WAN Solution could allow an unauthenticated, remote attacker to... Critical Unreviewed
CVE-2018-15387 was published May 13, 2022
Previously, Puppet Discovery was shipped with a default generated TLS certificate in the nginx... Critical Unreviewed
CVE-2018-11747 was published May 13, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database