Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,750
Erlang
35
GitHub Actions
29
Go
2,323
Maven
5,000+
npm
3,956
NuGet
712
pip
3,739
Pub
12
RubyGems
921
Rust
973
Swift
38
Unreviewed advisories
All unreviewed
5,000+

1,050 advisories

Loading
An issue was discovered in Mbed TLS before 2.24.0. The verification of X.509 certificates when... Moderate Unreviewed
CVE-2020-36477 was published May 24, 2022
The httplib and urllib Python libraries that Splunk shipped with Splunk Enterprise did not... Critical Unreviewed
CVE-2022-32151 was published Jun 16, 2022
Dell BSAFE Micro Edition Suite, versions prior to 4.5.1, contain an Improper Certificate... High Unreviewed
CVE-2020-26184 was published Jun 2, 2022
ProxyAgent vulnerable to MITM High
CVE-2022-32210 was published for undici (npm) Jun 17, 2022
pimterry
Authentication bypass vulnerability in Apple Game Center auth adapter High
CVE-2022-31083 was published for parse-server (npm) Jun 17, 2022
yoshmidev
The RBB SPEED TEST App for Android version 2.0.3 and earlier, RBB SPEED TEST App for iOS version... Moderate Unreviewed
CVE-2017-2278 was published May 17, 2022
The CMS installer in Joomla! before 3.7.4 does not verify a user's ownership of a webspace, which... High Unreviewed
CVE-2017-11364 was published May 17, 2022
'Mobaoku-Auction&Flea Market' App for iOS versions prior to 5.5.16 improperly verifies server... Moderate Unreviewed
CVE-2022-29482 was published Jun 15, 2022
Splunk Enterprise peers in Splunk Enterprise versions before 9.0 and Splunk Cloud Platform... High Unreviewed
CVE-2022-32153 was published Jun 16, 2022
Splunk Enterprise peers in Splunk Enterprise versions before 9.0 and Splunk Cloud Platform... High Unreviewed
CVE-2022-32152 was published Jun 16, 2022
The Restaurant Karaoke SHIDAX app 1.3.3 and earlier on Android does not verify SSL certificates,... Moderate Unreviewed
CVE-2015-0904 was published May 17, 2022
libinfinity before 0.6.6-1 does not validate expired SSL certificates, which allows remote... Critical Unreviewed
CVE-2015-3886 was published May 17, 2022
A insecure configuration for certificate verification (http.verify_mode = OpenSSL::SSL:... Critical Unreviewed
CVE-2014-8164 was published Jul 7, 2022
Microsoft Lync for Mac 2011 fails to properly validate certificates, allowing remote attackers to... High Unreviewed
CVE-2017-0129 was published May 17, 2022
The mobiGate App for Android version 2.2.1.2 and earlier and mobiGate App for iOS version 2.2.4.1... Moderate Unreviewed
CVE-2016-7805 was published May 17, 2022
An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue... Moderate Unreviewed
CVE-2017-6988 was published May 17, 2022
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. The issue... High Unreviewed
CVE-2017-2498 was published May 17, 2022
Remote Service Manager 3.0.0 to 3.1.4 fails to verify client certificates, which may allow remote... Moderate Unreviewed
CVE-2016-7815 was published May 17, 2022
WAON "Service Application" for Android 1.4.1 and earlier does not verify SSL certificates. Moderate Unreviewed
CVE-2016-4832 was published May 17, 2022
Pulp before 2.3.0 uses the same the same certificate authority key and certificate for all... High Unreviewed
CVE-2013-7450 was published May 17, 2022
Multiple vulnerabilities in the API and in the web-based management interface of Cisco Expressway... Moderate Unreviewed
CVE-2022-20813 was published Jul 7, 2022
In Lenovo Service Bridge before version 4, a bug found in the signature verification logic of the... High Unreviewed
CVE-2016-8231 was published May 17, 2022
Argo CD certificate verification is skipped for connections to OIDC providers High
CVE-2022-31105 was published for github.com/argoproj/argo-cd (Go) Jul 12, 2022
jannfis crenshaw-dev
DavidKorczynski AdamKorcz
Jetstar App for iOS before 3.0.0 does not verify X.509 certificates from SSL servers, which... Moderate Unreviewed
CVE-2016-1221 was published May 17, 2022
WebSocket.swift in Starscream before 2.0.4 allows an SSL Pinning bypass because of incorrect... High Unreviewed
CVE-2017-7192 was published May 17, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database