GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
524 advisories
Add-on updates failed to verify that the add-on ID inside the signed package matched the ID of...
Moderate | Unreviewed | CVE-2016-9064 was published May 14, 2022
The KINEPASS App for Android Ver 3.1.1 and earlier, and for iOS Ver 3.1.2 and earlier do not...
Moderate | Unreviewed | CVE-2018-0591 was published May 14, 2022
A spoofing vulnerability exists when the Azure IoT Device Provisioning AMQP Transport library...
Moderate | Unreviewed | CVE-2018-8119 was published May 14, 2022
X509 certificate verification was not correctly implemented in the IP Intelligence Subscription...
Moderate | Unreviewed | CVE-2017-6143 was published May 14, 2022
Jenkins vSphere Plugin disables SSL/TLS certificate validation by default
Moderate | CVE-2018-1000151 was published for org.jenkins-ci.plugins:vsphere-cloud (Maven) May 14, 2022
An issue was discovered in certain Apple products. iOS before 11 is affected. The issue involves...
Moderate | Unreviewed | CVE-2017-13863 was published May 14, 2022
An issue was discovered in certain Apple products. iOS before 11.2.5 is affected. macOS before 10...
Moderate | Unreviewed | CVE-2018-4086 was published May 14, 2022
IBM BigFix Remote Control before Interim Fix pack 9.1.2-TIV-IBRC912-IF0001 improperly allows self...
Moderate | Unreviewed | CVE-2015-4954 was published May 14, 2022
An Insecure Update via HTTP vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow...
Moderate | Unreviewed | CVE-2018-6219 was published May 14, 2022
LINE for iOS version 7.1.3 to 7.1.5 does not verify X.509 certificates from SSL servers, which...
Moderate | Unreviewed | CVE-2018-0518 was published May 14, 2022
ELinks 0.12 and Twibright Links 2.3 have Missing SSL Certificate Validation.
Moderate | Unreviewed | CVE-2012-6709 was published May 14, 2022
Mahara 16.10 before 16.10.7, 17.04 before 17.04.5, and 17.10 before 17.10.2 are vulnerable to...
Moderate | Unreviewed | CVE-2017-17455 was published May 14, 2022
A security misconfiguration vulnerability exists in Schneider Electric's IGSS Mobile application...
Moderate | Unreviewed | CVE-2017-9968 was published May 14, 2022
An Improper Certificate Validation issue was discovered in Smiths Medical Medfusion 4000 Wireless...
Moderate | Unreviewed | CVE-2017-12721 was published May 14, 2022
The GUI component (aka PulseUI) in Pulse Secure Desktop Linux clients before PULSE5.2R9.2 and 5.3...
Moderate | Unreviewed | CVE-2018-6374 was published May 14, 2022
MatrixSSL version 3.7.2 adopts a collision-prone OID comparison logic resulting in possible...
Moderate | Unreviewed | CVE-2017-1000417 was published May 14, 2022
X509 certificate verification was not correctly implemented in the early access "user id" feature...
Moderate | Unreviewed | CVE-2017-6142 was published May 14, 2022
The Neon app 1.6.14 iOS does not verify X.509 certificates from SSL servers, which allows remote...
Moderate | Unreviewed | CVE-2018-5258 was published May 14, 2022
The Yodobashi App for Android 1.2.1.0 and earlier does not verify X.509 certificates from SSL...
Moderate | Unreviewed | CVE-2015-2981 was published May 14, 2022
Improper Certificate Validation in vt-ldap
Moderate | CVE-2014-3607 was published for edu.internet2.middleware:shibboleth-identityprovider (Maven) May 14, 2022
MatrixSSL version 3.7.2 has an incorrect UTCTime date range validation in its X.509 certificate...
Moderate | Unreviewed | CVE-2017-1000415 was published May 14, 2022
GitLab 9.4.x before 9.4.2 does not support LDAP SSL certificate verification, but a...
Moderate | Unreviewed | CVE-2017-17716 was published May 14, 2022
The default vhost configuration file in Puppet before 3.6.2 does not include the...
Moderate | Unreviewed | CVE-2014-3250 was published May 14, 2022
Huawei SMC2.0 with software of V100R003C10, V100R005C00SPC100, V100R005C00SPC101B001T,...
Moderate | Unreviewed | CVE-2017-8213 was published May 17, 2022
nv-websocket-client allows attackers to spoof SSL/TLS servers via an arbitrary valid certificate
Moderate | CVE-2017-1000209 was published for com.neovisionaries:nv-websocket-client (Maven) May 17, 2022