Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,753
Erlang
35
GitHub Actions
29
Go
2,326
Maven
5,000+
npm
3,956
NuGet
712
pip
3,740
Pub
12
RubyGems
921
Rust
973
Swift
38
Unreviewed advisories
All unreviewed
5,000+

413 advisories

Loading
IBM Security Verify Access 10.0.0.0 through 10.0.6.1 uses insecure calls that could allow an... High Unreviewed
CVE-2023-32330 was published Feb 7, 2024
Improper Certificate Validation in phpseclib High
CVE-2021-30130 was published for phpseclib/phpseclib (Composer) Apr 7, 2021
Boundary vulnerable to session hijacking through TLS certificate tampering High
CVE-2024-1052 was published for github.com/hashicorp/boundary (Go) Feb 5, 2024
A vulnerability in Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an... High Unreviewed
CVE-2022-20960 was published Nov 4, 2022
Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite,... High Unreviewed
CVE-2020-29504 was published Feb 2, 2024
SSL/TLS certificate validation disabled by default in Jenkins Checkmarx Plugin High
CVE-2023-35142 was published for com.checkmarx.jenkins:checkmarx (Maven) Jun 14, 2023
Jenkins Active Directory Plugin did not verify certificate of AD server High
CVE-2017-2649 was published for org.jenkins-ci.plugins:active-directory (Maven) May 13, 2022
Jenkins Inedo ProGet Plugin globally and unconditionally disabled SSL/TLS certificate validation High
CVE-2018-1999034 was published for com.inedo.proget:inedo-proget (Maven) May 14, 2022
Jenkins Inedo BuildMaster Plugin globally and unconditionally disabled SSL/TLS certificate validation High
CVE-2018-1999035 was published for com.inedo.buildmaster:inedo-buildmaster (Maven) May 14, 2022
SSL/TLS certificate validation globally and unconditionally disabled by Jenkins WebSphere Deployer Plugin High
CVE-2019-16561 was published for org.jenkins-ci.plugins:websphere-deployer (Maven) May 24, 2022
hammer_cli_foreman Improper Certificate Validation vulnerability High
CVE-2017-2667 was published for hammer_cli_foreman (RubyGems) May 13, 2022
A privilege escalation vulnerability was reported in Lenovo Vantage that could allow a local... High Unreviewed
CVE-2023-6043 was published Jan 19, 2024
Jenkins TraceTronic ECU-TEST Plugin Man in the middle vulnerability High
CVE-2018-1999025 was published for de.tracetronic.jenkins.plugins:ecutest (Maven) May 14, 2022
Jenkins Active Directory Plugin Improper certificate validation with StartTLS High
CVE-2019-1003009 was published for org.jenkins-ci.plugins:active-directory (Maven) May 13, 2022
Improper validation of the server’s certificate chain in secure traffic scanning feature... High Unreviewed
CVE-2023-5594 was published Dec 21, 2023
Permission verification vulnerability in distributed scenarios. Successful exploitation of this... High Unreviewed
CVE-2023-49247 was published Dec 6, 2023
Improper Certificate Validation in Apache activemq-client High
CVE-2018-11775 was published for org.apache.activemq:activemq-client (Maven) Oct 19, 2018
sunSUNQ
A vulnerability exists in the component RTU500 Scripting interface. When a client connects to a... High Unreviewed
CVE-2023-1514 was published Dec 19, 2023
FORT Validator versions prior to 1.5.2 will crash if an RPKI CA publishes an X.509 EE certificate... High Unreviewed
CVE-2021-43114 was published May 24, 2022
An improper certificate validation issue in Smartcard authentication in GitLab EE affecting all... High Unreviewed
CVE-2023-6680 was published Dec 15, 2023
jruby-openssl gem for JRuby fails to do proper certificate validation High
CVE-2009-4123 was published for jruby-openssl (RubyGems) Jan 19, 2023
An information disclosure vulnerability in 4D SAS 4D Server Application v17, v18, v19 R7 and... High Unreviewed
CVE-2023-30222 was published Jun 16, 2023
A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 2). Affected... High Unreviewed
CVE-2023-48427 was published Dec 12, 2023
KEPServerEX does not properly validate certificates from clients which may allow... High Unreviewed
CVE-2023-5909 was published Dec 1, 2023
Missing SSL certificate validation in localstack High
CVE-2023-48054 was published for localstack (pip) Nov 16, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database