GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
92
GitHub Actions
54
Go
4,217
Maven
5,000+
npm
5,000+
NuGet
1,021
pip
5,000+
Pub
13
RubyGems
1,103
Rust
1,443
Swift
61
Unreviewed advisories
All unreviewed
5,000+
122 advisories
Filter by severity
in-toto: PGP trust model not (fully) considered
Moderate
GHSA-jjgp-whrp-gq8m
was published
for
in-toto
(pip)
May 11, 2023
Jenkins NeuVector Vulnerability Scanner Plugin disables SSL/TLS certificate and hostname validation
Moderate
CVE-2023-30517
was published
for
io.jenkins.plugins:neuvector-vulnerability-scanner
(Maven)
Apr 12, 2023
Jenkins Image Tag Parameter Plugin improperly introduces option to opt out of SSL/TLS certificate validation
Moderate
CVE-2023-30516
was published
for
org.jenkins-ci.plugins:image-tag-parameter
(Maven)
Apr 12, 2023
Allegro Tech BigFlow vulnerable to Missing SSL Certificate Validation
Moderate
CVE-2023-25392
was published
for
bigflow
(pip)
Apr 10, 2023
Apache Bookkeeper vulnerable to Improper Certificate Validation
Moderate
CVE-2022-32531
was published
for
org.apache.bookkeeper:bookkeeper-common
(Maven)
Dec 15, 2022
Traefik routes exposed with an empty TLSOption
Moderate
CVE-2022-46153
was published
for
github.com/traefik/traefik/v2
(Go)
Dec 8, 2022
Jenkins NS-ND Integration Performance Publisher Plugin disables SSL/TLS certificate validation globally and unconditionally
Moderate
CVE-2022-45391
was published
for
io.jenkins.plugins:cavisson-ns-nd-integration
(Maven)
Nov 16, 2022
SSL/TLS certificate validation unconditionally disabled by Jenkins NS-ND Integration Performance Publisher Plugin
Moderate
CVE-2022-38666
was published
for
org.jenkins-ci.main:cavisson-ns-nd-integration
(Maven)
Nov 16, 2022
Improper Certificate Validation in Liferay Portal
Moderate
CVE-2022-42131
was published
for
com.liferay.portal:release.portal.bom
(Maven)
Nov 15, 2022
Apache Pulsar Broker, Proxy, and WebSocket Proxy vulnerable to Improper Certificate Validation
Moderate
CVE-2022-33682
was published
for
org.apache.pulsar:pulsar-broker
(Maven)
Sep 25, 2022
Apache Pulsar Brokers and Proxies vulnerable to Improper Certificate Validation
Moderate
CVE-2022-33683
was published
for
org.apache.pulsar:pulsar-broker
(Maven)
Sep 25, 2022
Apache Pulsar Java Client vulnerable to Improper Certificate Validation
Moderate
CVE-2022-33681
was published
for
org.apache.pulsar:pulsar-client
(Maven)
Sep 25, 2022
Missing hostname validation in Jenkins View26 Test-Reporting Plugin
Moderate
CVE-2022-41244
was published
for
org.jenkins-ci.plugins:view26
(Maven)
Sep 22, 2022
Keycloak vulnerable to Improper Certificate Validation
Moderate
CVE-2020-35509
was published
for
org.keycloak:keycloak-core
(Maven)
Aug 24, 2022
Jenkins Git client plugin 3.11.0 does not perform SSH host key verification
Moderate
CVE-2022-36881
was published
for
org.jenkins-ci.plugins:git-client
(Maven)
Jul 28, 2022
Pion/DLTS Accepts Client Certificates Without CertificateVerify
Moderate
CVE-2022-29222
was published
for
github.com/pion/dtls
(Go)
May 25, 2022
Improper Certificate Validation in MongoDB
Moderate
CVE-2021-20328
was published
for
org.mongodb:mongo-java-driver
(Maven)
May 24, 2022
kevinsawicki/http-request Missing certificate validation
Moderate
CVE-2019-1010206
was published
for
com.github.kevinsawicki:http-request
(Maven)
May 24, 2022
MongoDB Tools Improper Certificate Validation vulnerability
Moderate
CVE-2020-7924
was published
for
github.com/mongodb/mongo-tools
(Go)
May 24, 2022
SSL/TLS certificate validation unconditionally disabled by Jenkins Micro Focus Application Automation Tools Plugin
Moderate
CVE-2021-22511
was published
for
org.jenkins-ci.plugins:hp-application-automation-tools-plugin
(Maven)
May 24, 2022
Improper Validation of Certificate with Host Mismatch in Jenkins Mailer Plugin
Moderate
CVE-2020-2252
was published
for
org.jenkins-ci.plugins:mailer
(Maven)
May 24, 2022
Missing hostname validation in Email Extension Plugin
Moderate
CVE-2020-2253
was published
for
org.jenkins-ci.plugins:email-ext
(Maven)
May 24, 2022
Lack of SSL/TLS certificate and hostname validation in Amazon EC2 Plugin
Moderate
CVE-2020-2187
was published
for
org.jenkins-ci.plugins:ec2
(Maven)
May 24, 2022
Jenkins Bumblebee HP ALM Plugin unconditionally disabled SSL/TLS certificate validation
Moderate
CVE-2019-10444
was published
for
org.jenkins-ci.plugins:bumblebee
(Maven)
May 24, 2022
Jenkins VMware Lab Manager Slaves Plugin vulnerable to Improper Certificate Validation
Moderate
CVE-2019-10382
was published
for
org.jenkins-ci.plugins:labmanager
(Maven)
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API