Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,826
Erlang
36
GitHub Actions
32
Go
2,426
Maven
5,000+
npm
4,058
NuGet
723
pip
3,849
Pub
12
RubyGems
934
Rust
1,006
Swift
38
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

874 advisories

Loading
OpenSSL in Apple Mac OS X 10.6.x before 10.6.5 does not properly perform arithmetic, which allows... High Unreviewed
CVE-2010-1378 was published May 2, 2022
Cerulean Studios Trillian 3.1 Basic does not check SSL certificates during MSN authentication,... Moderate Unreviewed
CVE-2009-4831 was published May 2, 2022
libraries/libldap/tls_o.c in OpenLDAP 2.2 and 2.4, and possibly other versions, when OpenSSL is... Moderate Unreviewed
CVE-2009-3767 was published May 2, 2022
Opera before 10.00 does not check all intermediate X.509 certificates for revocation, which makes... Moderate Unreviewed
CVE-2009-3046 was published May 2, 2022
The Network Security Services (NSS) library before 3.12.3, as used in Firefox; GnuTLS before 2.6... Moderate Unreviewed
CVE-2009-2409 was published May 2, 2022
Mozilla Network Security Services (NSS) before 3.12.3, Firefox before 3.0.13, Thunderbird before... Moderate Unreviewed
CVE-2009-2408 was published May 2, 2022
The LDAP client on Microsoft Windows 2000 before Update Rollup 1 for SP4 accepts certificates... Moderate Unreviewed
CVE-2005-3170 was published May 1, 2022
The (1) CertGetCertificateChain, (2) CertVerifyCertificateChainPolicy, and (3) WinVerifyTrust... High Unreviewed
CVE-2002-0862 was published Apr 30, 2022
X509TrustManager in (1) Java Secure Socket Extension (JSSE) in SDK and JRE 1.4.0 through 1.4.0_01... High Unreviewed
CVE-2003-1229 was published Apr 29, 2022
software-properties was vulnerable to a person-in-the-middle attack due to incorrect TLS... High Unreviewed
CVE-2012-0955 was published Apr 23, 2022
Cisco IronPort Web Security Appliance does not check for certificate revocation which could lead... Moderate Unreviewed
CVE-2012-1316 was published Apr 23, 2022
vdsm: certificate generation upon node creation allowing vdsm to start and serve requests from... High Unreviewed
CVE-2012-5518 was published Apr 23, 2022
nuSOAP before 0.7.3-5 does not properly check the hostname of a cert. High Unreviewed
CVE-2012-6071 was published Apr 23, 2022
Versions of Motorola Ready For and Motorola Device Help Android applications prior to 2021-04-08... Moderate Unreviewed
CVE-2021-3898 was published Apr 23, 2022
Mozilla Firefox prior to 3.6 has a DoS vulnerability due to an issue in the validation of... Moderate Unreviewed
CVE-2011-2669 was published Apr 22, 2022
dirmngr before 2.1.0 improperly handles certain system calls, which allows remote attackers to... Moderate Unreviewed
CVE-2011-2207 was published Apr 22, 2022
A flaw in Mozilla's embedded certificate code might allow web sites to install root certificates... Moderate Unreviewed
CVE-2007-5967 was published Apr 21, 2022
Certificate.Verify in crypto/x509 in Go 1.18.x before 1.18.1 can be caused to panic on macOS when... High Unreviewed
CVE-2022-27536 was published Apr 21, 2022
Dell PowerScale OneFS, 8.2.x-9.3.x, contains a Improper Certificate Validation. A unauthenticated... High Unreviewed
CVE-2022-22549 was published Apr 13, 2022
In ccu, there is a possible escalation of privilege due to a missing certificate validation. This... Moderate Unreviewed
CVE-2022-20071 was published Apr 12, 2022
In A-GPS, there is a possible man in the middle attack due to improper certificate validation.... Moderate Unreviewed
CVE-2022-20081 was published Apr 12, 2022
WeeChat (aka Wee Enhanced Environment for Chat) 3.2 to 3.4 before 3.4.1 does not properly verify... Moderate Unreviewed
CVE-2022-28352 was published Apr 3, 2022
The client applications in 3CX on Windows, the 3CX app for iOS, and the 3CX application for... Critical Unreviewed
CVE-2021-45490 was published Mar 29, 2022
An issue has been discovered affecting GitLab versions prior to 14.4.5, between 14.5.0 and 14.5.3... Moderate Unreviewed
CVE-2022-0123 was published Mar 29, 2022
ALPACA is an application layer protocol content confusion attack, exploiting TLS servers... High Unreviewed
CVE-2021-3618 was published Mar 24, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database