Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,750
Erlang
35
GitHub Actions
29
Go
2,323
Maven
5,000+
npm
3,956
NuGet
712
pip
3,739
Pub
12
RubyGems
921
Rust
973
Swift
38
Unreviewed advisories
All unreviewed
5,000+

524 advisories

Loading
Snowflake Connector .NET does not properly check the Certificate Revocation List (CRL) Moderate
CVE-2023-51662 was published for Snowflake.Data (NuGet) Dec 22, 2023
TimoVink
An issue was discovered in Zammad before 6.2.0. In several subsystems, SSL/TLS was used to... Moderate Unreviewed
CVE-2023-50454 was published Dec 10, 2023
light-oauth2 missing public key verification Moderate
CVE-2023-31580 was published for com.networknt:light-oauth2 (Maven) Oct 25, 2023
OpenVPN Connect versions before 3.4.0.4506 (macOS) and OpenVPN Connect before 3.4.0.3100 (Windows... Moderate Unreviewed
CVE-2022-3761 was published Oct 17, 2023
IBM Security Verify Privilege On-Premises 11.5 does not validate, or incorrectly validates, a... Moderate Unreviewed
CVE-2022-43892 was published Oct 17, 2023
IBM Security Verify Privilege On-Premises 11.5 could allow an attacker to spoof a trusted entity... Moderate Unreviewed
CVE-2022-22380 was published Oct 17, 2023
Withdrawn Advisory: Netty-handler does not validate host names by default Moderate
CVE-2023-4586 was published for io.netty:netty-handler (Maven) Oct 4, 2023 withdrawn
normanmaurer
A certificate validation issue was addressed. This issue is fixed in iOS 16.7 and iPadOS 16.7, OS... Moderate Unreviewed
CVE-2023-41991 was published Sep 21, 2023
MiniTool Power Data Recovery 11.5 contains an insecure in-app payment system that allows... Moderate Unreviewed
CVE-2023-38353 was published Sep 19, 2023
Anaconda 3 2023.03-1-Linux allows local users to disrupt TLS certificate validation by modifying... Moderate Unreviewed
CVE-2023-35845 was published Sep 11, 2023
Incorrect certificate validation in InvokeHTTP on Apache NiFi MiNiFi C++ versions 0.13 to 0.14... Moderate Unreviewed
CVE-2023-41180 was published Sep 3, 2023
An improper certificate validation vulnerability [CWE-295] in FortiManager 7.0.1 and below, 6.4.6... Moderate Unreviewed
CVE-2022-22305 was published Sep 1, 2023
Apache Airflow missing Certificate Validation Moderate
CVE-2023-39441 was published for apache-airflow (pip) Aug 23, 2023
sunSUNQ
An improper certificate validation vulnerability exists in the BIG-IP Edge Client for Windows... Moderate Unreviewed
CVE-2023-24461 was published Jul 6, 2023
HashiCorp Vault's revocation list not respected Moderate
CVE-2022-41316 was published for github.com/hashicorp/vault (Go) Jul 6, 2023
Bouncy Castle For Java LDAP injection vulnerability Moderate
CVE-2023-33201 was published for org.bouncycastle:bcprov-debug-jdk14 (Maven) Jul 5, 2023
pavelarnost
Keycloak Untrusted Certificate Validation vulnerability Moderate
CVE-2023-1664 was published for org.keycloak:keycloak-core (Maven) Jun 30, 2023
Jiyu Kukan Toku-Toku coupon App for iOS versions 3.5.0 and earlier, and Jiyu Kukan Toku-Toku... Moderate Unreviewed
CVE-2023-29501 was published Jun 13, 2023
An improper certificate validation vulnerability [CWE-295] in FortiOS 6.2 all versions, 6.4 all... Moderate Unreviewed
CVE-2023-29175 was published Jun 13, 2023
An issue was discovered in Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6... Moderate Unreviewed
CVE-2023-34410 was published Jun 5, 2023
OCSP revocation status of recipient certificates was not checked when sending S/Mime encrypted... Moderate Unreviewed
CVE-2023-0547 was published Jun 2, 2023
Certificate OCSP revocation status was not checked when verifying S/Mime signatures. Mail signed... Moderate Unreviewed
CVE-2023-0430 was published Jun 2, 2023
Dell NetWorker, contains an Improper Validation of Certificate with Host Mismatch vulnerability... Moderate Unreviewed
CVE-2023-24568 was published May 30, 2023
An improper certificate validation vulnerability exists in curl <v8.1.0 in the way it supports... Moderate Unreviewed
CVE-2023-28321 was published May 26, 2023
Duplicate Advisory: Keycloak vulnerable to untrusted certificate validation Moderate
GHSA-c892-cwq6-qrqf was published for org.keycloak:keycloak-core (Maven) May 26, 2023 withdrawn
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database