GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
1,051 advisories
This vulnerability allows network-adjacent attackers to compromise the integrity of downloaded...
Moderate | Unreviewed | CVE-2021-27257 was published May 24, 2022
packages/wekan-ldap/server/ldap.js in Wekan before 4.87 can process connections even though they...
High | Unreviewed | CVE-2021-3309 was published May 24, 2022
Tesla Model X vehicles before 2020-11-23 do not perform certificate validation during an attempt...
Moderate | Unreviewed | CVE-2020-29440 was published May 24, 2022
Multiple vulnerabilities in Cisco Data Center Network Manager (DCNM) could allow an attacker to...
Moderate | Unreviewed | CVE-2021-1277 was published May 24, 2022
An issue was discovered in Erlang/OTP before 23.2.2. The ssl application 10.2 accepts and trusts...
High | Unreviewed | CVE-2020-35733 was published May 24, 2022
In verifyHostName of OkHostnameVerifier.java, there is a possible way to accept a certificate for...
High | Unreviewed | CVE-2021-0341 was published May 24, 2022
Nessus AMI versions 8.12.0 and earlier were found to either not validate, or incorrectly validate...
Moderate | Unreviewed | CVE-2020-5812 was published May 24, 2022
Backblaze for Windows before 7.0.1.433 and Backblaze for macOS before 7.0.1.434 suffer from...
High | Unreviewed | CVE-2020-8289 was published May 24, 2022
Ptarmigan before 0.2.3 lacks API token validation, e.g., an "if (token === apiToken) {return true...
High | Unreviewed | CVE-2019-16281 was published May 24, 2022
Multiple vulnerabilities in Cisco Data Center Network Manager (DCNM) could allow an attacker to...
Moderate | Unreviewed | CVE-2021-1276 was published May 24, 2022
A flaw was found in JBCS httpd in version 2.4.37 SP3, where it uses a back-end worker SSL...
Moderate | Unreviewed | CVE-2020-25680 was published May 24, 2022
iSM client versions from V5.1 prior to V12.1 running on NEC Storage Manager or NEC Storage...
Moderate | Unreviewed | CVE-2020-5684 was published May 24, 2022
An incomplete SSL server certification validation vulnerability in the Trend Micro Security 2019 ...
High | Unreviewed | CVE-2020-15604 was published May 24, 2022
Improper certificate validation vulnerability in OpenVPN client in Synology Router Manager (SRM)...
Critical | Unreviewed | CVE-2020-27649 was published May 24, 2022
An issue existed in the handling of S-MIME certificates. This issue was addressed with improved...
Moderate | Unreviewed | CVE-2019-8642 was published May 24, 2022
A vulnerability in the Pulse Secure Desktop Client < 9.1R9 could allow the attacker to perform a...
High | Unreviewed | CVE-2020-8241 was published May 24, 2022
Missing validation of server certificates for out-going connections in Nextcloud Social < 0.4.0...
High | Unreviewed | CVE-2020-8279 was published May 24, 2022
An issue exists in PrimeKey EJBCA before 7.4.3 when enrolling with EST while proxied through an...
Moderate | Unreviewed | CVE-2020-28942 was published May 24, 2022
In Network Security Services before 3.44, a malformed Netscape Certificate Sequence can cause NSS...
High | Unreviewed | CVE-2019-17007 was published May 24, 2022
Go before 1.14.12 and 1.15.x before 1.15.4 allows Denial of Service.
High | Unreviewed | CVE-2020-28362 was published May 24, 2022
Improper Certificate Validation in OPCFoundation.NetStandard.Opc.Ua.Core
Moderate | CVE-2020-29457 was published for OPCFoundation.NetStandard.Opc.Ua.Core (NuGet) Nov 19, 2021
When Security Assertion Markup Language (SAML) authentication is enabled, Juniper Networks Mist...
High | Unreviewed | CVE-2020-1675 was published May 24, 2022
VMware vCenter Server (6.7 before 6.7u3, 6.6 before 6.5u3k) contains a session hijack...
High | Unreviewed | CVE-2020-3994 was published May 24, 2022
MailMate before 1.11 automatically imported S/MIME certificates and thereby silently replaced...
Moderate | Unreviewed | CVE-2020-12619 was published May 24, 2022
nv-websocket-client allows attackers to spoof SSL/TLS servers via an arbitrary valid certificate
Moderate | CVE-2017-1000209 was published for com.neovisionaries:nv-websocket-client (Maven) May 17, 2022