GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
849 advisories
In GNOME grilo through 0.3.13, grl-net-wc.c does not enable TLS certificate verification on the...
Moderate, Unreviewed. CVE-2021-39365 was published May 24, 2022.

An issue was discovered in Mbed TLS before 2.24.0. The verification of X.509 certificates when...
Moderate, Unreviewed. CVE-2020-36477 was published May 24, 2022.

An issue was discovered in Mbed TLS before 2.25.0 (and before 2.16.9 LTS and before 2.7.18 LTS)....
High, Unreviewed. CVE-2020-36478 was published May 24, 2022.

In GNOME libgfbgraph through 0.2.4, gfbgraph-photo.c does not enable TLS certificate verification...
Moderate, Unreviewed. CVE-2021-39358 was published May 24, 2022.

In GNOME libzapojit through 0.0.3, zpj-skydrive.c does not enable TLS certificate verification on...
Moderate, Unreviewed. CVE-2021-39360 was published May 24, 2022.

In GNOME evolution-rss through 0.3.96, network-soup.c does not enable TLS certificate...
Moderate, Unreviewed. CVE-2021-39361 was published May 24, 2022.

In GNOME libgda through 6.0.0, gda-web-provider.c does not enable TLS certificate verification on...
Moderate, Unreviewed. CVE-2021-39359 was published May 24, 2022.

If the Node.js https API was used incorrectly and "undefined" was passed for the ...
Moderate, Unreviewed. CVE-2021-22939 was published May 24, 2022.

On 2N Access Unit 2.0 2.31.0.40.5 devices, an attacker can pose as the web relay for a man-in-the...
Moderate, Unreviewed. CVE-2021-31399 was published May 24, 2022.

The AWV component of Mitel MiCollab before 9.3 could allow an attacker to perform a Man-In-the...
Moderate, Unreviewed. CVE-2021-32069 was published May 24, 2022.

Acronis True Image prior to 2021 Update 4 for Windows, Acronis True Image prior to 2021 Update 5...
High, Unreviewed. CVE-2021-32581 was published May 24, 2022.

libcurl-using applications can ask for a specific client certificate to be used in a transfer....
High, Unreviewed. CVE-2021-22926 was published May 24, 2022.

Patterson Application Service in Patterson Eaglesoft 18 through 21 accepts the same certificate...
High, Unreviewed. CVE-2021-35193 was published May 24, 2022.

Missing TLS certificate validation on 3xLogic Infinias eIDC32 devices through 3.4.125 allows an...
High, Unreviewed. CVE-2020-12681 was published May 24, 2022.

Due to Manage Engine Asset Explorer Agent 1.0.34 not validating HTTPS certificates, an attacker...
Critical, Unreviewed. CVE-2021-20110 was published May 24, 2022.

Due to the Asset Explorer agent not validating HTTPS certificates, an attacker on the network can...
High, Unreviewed. CVE-2021-20109 was published May 24, 2022.

An issue was discovered in Arm Mbed TLS before 2.24.0. It incorrectly uses a revocationDate check...
Moderate, Unreviewed. CVE-2020-36425 was published May 24, 2022.

The crypto/tls package of Go through 1.16.5 does not properly assert that the type of public key...
Moderate, Unreviewed. CVE-2021-34558 was published May 24, 2022.

A vulnerability has been identified in SINUMERIK Analyse MyCondition (All versions), SINUMERIK...
High, Unreviewed. CVE-2021-31892 was published May 24, 2022.

OpenVPN 3 Core Library version 3.6 and 3.6.1 allows a man-in-the-middle attacker to bypass the...
High, Unreviewed. CVE-2021-3547 was published May 24, 2022.

Fossil before 2.14.2 and 2.15.x before 2.15.2 often skips the hostname check during TLS...
High, Unreviewed. CVE-2021-36377 was published May 24, 2022.

Devolutions Server before 2021.1.18, and LTS before 2020.3.20, allows attackers to intercept...
Moderate, Unreviewed. CVE-2021-36382 was published May 24, 2022.

Emissary-Ingress (formerly Ambassador API Gateway) through 1.13.9 allows attackers to bypass...
Moderate, Unreviewed. CVE-2021-36371 was published May 24, 2022.

A vulnerability in the Cisco Identity Services Engine (ISE) integration feature of the Cisco DNA...
High, Unreviewed. CVE-2021-1134 was published May 24, 2022.

Dell UEFI BIOS https stack leveraged by the Dell BIOSConnect feature and Dell HTTPS Boot feature...
Moderate, Unreviewed. CVE-2021-21571 was published May 24, 2022.
ProTip! Advisories are also available from the GraphQL API.