Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,750
Erlang
35
GitHub Actions
29
Go
2,323
Maven
5,000+
npm
3,956
NuGet
712
pip
3,739
Pub
12
RubyGems
921
Rust
973
Swift
38
Unreviewed advisories
All unreviewed
5,000+

413 advisories

Loading
A vulnerability in the certificate handling component of the Cisco SPA112, SPA525, and SPA5X5... High Unreviewed
CVE-2019-1683 was published May 13, 2022
A vulnerability has been identified in Siveillance VMS Video for Android (All versions < V12.1a ... High Unreviewed
CVE-2018-4849 was published May 13, 2022
Philips IntelliSpace Portal all versions of 8.0.x, and 7.0.x have an untrusted SSL certificate... High Unreviewed
CVE-2018-5464 was published May 13, 2022
Philips IntelliSpace Portal all versions of 8.0.x, and 7.0.x have a self-signed SSL certificate... High Unreviewed
CVE-2018-5466 was published May 13, 2022
The (1) update and (2) package-installation features in MODX Revolution 2.5.4-pl and earlier do... High Unreviewed
CVE-2017-7322 was published May 13, 2022
A vulnerability in the Identity Services Engine (ISE) integration feature of Cisco Prime... High Unreviewed
CVE-2019-1659 was published May 13, 2022
When using an OCSP responder Apache Tomcat Native 1.2.0 to 1.2.16 and 1.1.23 to 1.1.34 did not... High Unreviewed
CVE-2018-8019 was published May 13, 2022
A vulnerability has been identified in SINUMERIK Edge (All versions < V3.2). The affected... High Unreviewed
CVE-2021-42027 was published Dec 15, 2021
Improper Certificate Validation and Improper Validation of Certificate with Host Mismatch in Apache Sling Commons Messaging Mail High
CVE-2021-44549 was published for org.apache.sling:org.apache.sling.commons.messaging.mail (Maven) Dec 16, 2021
Affected versions of CODESYS Git in Versions prior to V1.1.0.0 lack certificate validation in... High Unreviewed
CVE-2021-34599 was published Dec 2, 2021
Improper Authentication High
CVE-2019-20894 was published for github.com/traefik/traefik/v2 (Go) Sep 2, 2021
Privilege escalation in Hashicorp Nomad High
CVE-2021-37218 was published for github.com/hashicorp/nomad (Go) Sep 8, 2021
Improper Certificate Validation in Apache IoTDB High
CVE-2020-1952 was published for org.apache.iotdb:iotdb-parent (Maven) Jan 6, 2022
Improper Certificate Validation in Graylog High
CVE-2020-15813 was published for org.graylog:graylog-parent (Maven) Feb 10, 2022
Busybox contains a Missing SSL certificate validation vulnerability in The "busybox wget" applet... High Unreviewed
CVE-2018-1000500 was published May 13, 2022
ARM mbedTLS version 2.7.0 and earlier contains a Ciphersuite Allows Incorrectly Signed... High Unreviewed
CVE-2018-1000520 was published May 13, 2022
Apache Tomcat Native 1.2.0 to 1.2.16 and 1.1.23 to 1.1.34 has a flaw that does not properly check... High Unreviewed
CVE-2018-8020 was published May 13, 2022
The certificate upload in NetIQ eDirectory PKI plugin before 8.8.8 Patch 10 Hotfix 1 could be... High Unreviewed
CVE-2017-7429 was published May 13, 2022
The transit path validation code in Heimdal before 7.3 might allow attackers to bypass the capath... High Unreviewed
CVE-2017-6594 was published May 13, 2022
Improper Validation of Certificate with Host Mismatch in Java-WebSocket High
CVE-2020-11050 was published for org.java-websocket:Java-WebSocket (Maven) May 8, 2020
p-
EMC RSA BSAFE Cert-C before 2.9.0.5 contains a potential improper certificate processing... High Unreviewed
CVE-2017-4981 was published May 13, 2022
EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x before 4.0.8 and 4.1.x before 4.1.3, RSA BSAFE... High Unreviewed
CVE-2015-0534 was published May 13, 2022
A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions... High Unreviewed
CVE-2018-7234 was published May 13, 2022
Authentication bypass and denial of service (DoS) vulnerabilities in Apple Game Center auth adapter High
CVE-2022-24901 was published for parse-server (npm) May 4, 2022
yoshmidev kurt-r2c
** DISPUTED ** An issue was discovered in RIPE NCC RPKI Validator 3.x through 3.1-2020.07.06.14... High Unreviewed
CVE-2020-16164 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database