Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

122 advisories

Loading
in-toto: PGP trust model not (fully) considered Moderate
GHSA-jjgp-whrp-gq8m was published for in-toto (pip) May 11, 2023
Jenkins NeuVector Vulnerability Scanner Plugin disables SSL/TLS certificate and hostname validation Moderate
CVE-2023-30517 was published for io.jenkins.plugins:neuvector-vulnerability-scanner (Maven) Apr 12, 2023
Jenkins Image Tag Parameter Plugin improperly introduces option to opt out of SSL/TLS certificate validation Moderate
CVE-2023-30516 was published for org.jenkins-ci.plugins:image-tag-parameter (Maven) Apr 12, 2023
Allegro Tech BigFlow vulnerable to Missing SSL Certificate Validation Moderate
CVE-2023-25392 was published for bigflow (pip) Apr 10, 2023
Apache Bookkeeper vulnerable to Improper Certificate Validation Moderate
CVE-2022-32531 was published for org.apache.bookkeeper:bookkeeper-common (Maven) Dec 15, 2022
Traefik routes exposed with an empty TLSOption Moderate
CVE-2022-46153 was published for github.com/traefik/traefik/v2 (Go) Dec 8, 2022
Jenkins NS-ND Integration Performance Publisher Plugin disables SSL/TLS certificate validation globally and unconditionally Moderate
CVE-2022-45391 was published for io.jenkins.plugins:cavisson-ns-nd-integration (Maven) Nov 16, 2022
NotMyFault Credited to NotMyFault
SSL/TLS certificate validation unconditionally disabled by Jenkins NS-ND Integration Performance Publisher Plugin Moderate
CVE-2022-38666 was published for org.jenkins-ci.main:cavisson-ns-nd-integration (Maven) Nov 16, 2022
NotMyFault Credited to NotMyFault
Improper Certificate Validation in Liferay Portal Moderate
CVE-2022-42131 was published for com.liferay.portal:release.portal.bom (Maven) Nov 15, 2022
Apache Pulsar Broker, Proxy, and WebSocket Proxy vulnerable to Improper Certificate Validation Moderate
CVE-2022-33682 was published for org.apache.pulsar:pulsar-broker (Maven) Sep 25, 2022
Apache Pulsar Brokers and Proxies vulnerable to Improper Certificate Validation Moderate
CVE-2022-33683 was published for org.apache.pulsar:pulsar-broker (Maven) Sep 25, 2022
Apache Pulsar Java Client vulnerable to Improper Certificate Validation Moderate
CVE-2022-33681 was published for org.apache.pulsar:pulsar-client (Maven) Sep 25, 2022
Missing hostname validation in Jenkins View26 Test-Reporting Plugin Moderate
CVE-2022-41244 was published for org.jenkins-ci.plugins:view26 (Maven) Sep 22, 2022
NotMyFault Credited to NotMyFault
Keycloak vulnerable to Improper Certificate Validation Moderate
CVE-2020-35509 was published for org.keycloak:keycloak-core (Maven) Aug 24, 2022
Jenkins Git client plugin 3.11.0 does not perform SSH host key verification Moderate
CVE-2022-36881 was published for org.jenkins-ci.plugins:git-client (Maven) Jul 28, 2022
NotMyFault Credited to NotMyFault
Pion/DLTS Accepts Client Certificates Without CertificateVerify Moderate
CVE-2022-29222 was published for github.com/pion/dtls (Go) May 25, 2022
Improper Certificate Validation in MongoDB Moderate
CVE-2021-20328 was published for org.mongodb:mongo-java-driver (Maven) May 24, 2022
kevinsawicki/http-request Missing certificate validation Moderate
CVE-2019-1010206 was published for com.github.kevinsawicki:http-request (Maven) May 24, 2022
MongoDB Tools Improper Certificate Validation vulnerability Moderate
CVE-2020-7924 was published for github.com/mongodb/mongo-tools (Go) May 24, 2022
SSL/TLS certificate validation unconditionally disabled by Jenkins Micro Focus Application Automation Tools Plugin Moderate
CVE-2021-22511 was published for org.jenkins-ci.plugins:hp-application-automation-tools-plugin (Maven) May 24, 2022
NotMyFault Credited to NotMyFault
Improper Validation of Certificate with Host Mismatch in Jenkins Mailer Plugin Moderate
CVE-2020-2252 was published for org.jenkins-ci.plugins:mailer (Maven) May 24, 2022
westonsteimel Credited to westonsteimel
Missing hostname validation in Email Extension Plugin Moderate
CVE-2020-2253 was published for org.jenkins-ci.plugins:email-ext (Maven) May 24, 2022
NotMyFault Credited to NotMyFault
Lack of SSL/TLS certificate and hostname validation in Amazon EC2 Plugin Moderate
CVE-2020-2187 was published for org.jenkins-ci.plugins:ec2 (Maven) May 24, 2022
NotMyFault Credited to NotMyFault
Jenkins Bumblebee HP ALM Plugin unconditionally disabled SSL/TLS certificate validation Moderate
CVE-2019-10444 was published for org.jenkins-ci.plugins:bumblebee (Maven) May 24, 2022
Jenkins VMware Lab Manager Slaves Plugin vulnerable to Improper Certificate Validation Moderate
CVE-2019-10382 was published for org.jenkins-ci.plugins:labmanager (Maven) May 24, 2022
ProTip! Advisories are also available from the GraphQL API