GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
849 advisories
In Logstash versions after 6.4.0 and before 6.8.15 and 7.12.0 a TLS certificate validation flaw...
Low | Unreviewed | CVE-2021-22138 was published May 24, 2022

Puppet Enterprise 3.7.x and 3.8.0 might allow remote authenticated users to manage certificates...
Moderate | Unreviewed | CVE-2015-4100 was published May 24, 2022

IBM QRadar SIEM 7.2.8 WinCollect could allow an attacker to obtain sensitive information by...
Moderate | Unreviewed | CVE-2019-4264 was published May 24, 2022

CertificatePinner.java in OkHttp 3.x through 3.12.0 allows man-in-the-middle attackers to bypass...
Moderate | Unreviewed | CVE-2018-20200 was published May 24, 2022

The D-Link DIR-615 device before v20.12PTb04 doesn't use SSL for any of the authenticated pages....
Critical | Unreviewed | CVE-2017-7406 was published May 24, 2022

When PgBouncer is configured to use "cert" authentication, a man-in-the-middle attacker can...
High | Unreviewed | CVE-2021-3935 was published May 24, 2022

Improper validation of the cloud certificate chain in Mobile Connect allows man-in-the-middle...
High | Unreviewed | CVE-2021-23162 was published May 24, 2022

Improper certificate validation vulnerability in SMTP Client allows man-in-the-middle attack to...
Moderate | Unreviewed | CVE-2021-23167 was published May 24, 2022

Insufficient validation of the AMD SEV Signing Key (ASK) in the SEND_START command in the SEV...
Moderate | Unreviewed | CVE-2021-26320 was published May 24, 2022

FORT Validator versions prior to 1.5.2 will crash if an RPKI CA publishes an X.509 EE certificate...
High | Unreviewed | CVE-2021-43114 was published May 24, 2022

IBM InfoSphere Data Flow Designer Engine (IBM InfoSphere Information Server 11.7 ) component has...
High | Unreviewed | CVE-2021-29737 was published May 24, 2022

An improper validation of certificate with host mismatch [CWE-297] vulnerability in FortiOS...
Moderate | Unreviewed | CVE-2021-41019 was published May 24, 2022

A certificate validation vulnerability in PCM600 Update Manager allows attacker to get unwanted...
Moderate | Unreviewed | CVE-2021-22278 was published May 24, 2022

CFEngine Enterprise 3.15.0 through 3.15.4 has Missing SSL Certificate Validation.
Moderate | Unreviewed | CVE-2021-36756 was published May 24, 2022

The SNKRDUNK Market Place App for iOS versions prior to 2.2.0 does not verify server certificate...
High | Unreviewed | CVE-2021-20833 was published May 24, 2022

LibreOffice supports digital signatures of ODF documents and macros within documents, presenting...
High | Unreviewed | CVE-2021-25634 was published May 24, 2022

LibreOffice supports digital signatures of ODF documents and macros within documents, presenting...
High | Unreviewed | CVE-2021-25633 was published May 24, 2022

The FTL Server (tibftlserver) and Docker images containing tibftlserver components of TIBCO...
High | Unreviewed | CVE-2021-35497 was published May 24, 2022

The Zoom Client for Meetings for Windows in all versions before 5.3.0 fails to properly validate...
Critical | Unreviewed | CVE-2021-33907 was published May 24, 2022

Adobe Experience Manager version 6.5.9.0 (and earlier) is affected by a improper certificate...
Moderate | Unreviewed | CVE-2021-40713 was published May 24, 2022

IBM Security Verify Bridge 1.0.5.0 does not properly validate a certificate which could allow a...
Moderate | Unreviewed | CVE-2021-20435 was published May 24, 2022

IBM Security Verify Bridge 1.0.5.0 could allow a user to obtain sensitive information due to...
High | Unreviewed | CVE-2021-38864 was published May 24, 2022

Potentially, SAP Cloud Connector, version - 2.0 communication with the backend is accepted...
Critical | Unreviewed | CVE-2021-33695 was published May 24, 2022

A certificate validation issue was addressed. This issue is fixed in iOS 14.5 and iPadOS 14.5. An...
Moderate | Unreviewed | CVE-2021-1837 was published May 24, 2022

The mechanism which performs certificate validation was discovered to have a flaw that resulted...
High | Unreviewed | CVE-2021-27018 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API.