GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 92
GitHub Actions: 54
Go: 4,217
Maven: 5,000+
npm: 5,000+
NuGet: 1,021
pip: 5,000+
Pub: 13
RubyGems: 1,103
Rust: 1,443
Swift: 61

Unreviewed advisories
All unreviewed: 5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
98 advisories
ComponentSpace.Saml2 4.4.0 Missing SSL Certificate Validation.
Critical | Unreviewed | CVE-2022-45597 was published Mar 25, 2023

Starting with diego-release 2.55.0 and up to 2.69.0, and starting with CF Deployment 17.1 and up...
Critical | Unreviewed | CVE-2022-31733 was published Feb 3, 2023

Dell PowerScale OneFS, versions 8.2.x-9.3.x, contains an Improper Certificate Validation...
Critical | Unreviewed | CVE-2022-45100 was published Feb 1, 2023

A certificate validation issue existed in the handling of WKWebView. This issue was addressed...
Critical | Unreviewed | CVE-2022-42813 was published Nov 2, 2022

An issue was discovered in Keyfactor PrimeKey EJBCA before 7.9.0, related to possible...
Critical | Unreviewed | CVE-2022-34831 was published Sep 15, 2022

When using Ingest Actions to configure a destination that resides on Amazon Simple Storage...
Critical | Unreviewed | CVE-2022-37437 was published Aug 17, 2022

In BIG-IP Versions 15.1.x before 15.1.6.1, 14.1.x before 14.1.5, and all versions of 13.1.x,...
Critical | Unreviewed | CVE-2022-34865 was published Aug 5, 2022

An Improper Certificate Validation vulnerability in LibreOffice existed where determining if a...
Critical | Unreviewed | CVE-2022-26305 was published Jul 26, 2022

An insecure configuration for certificate verification (http.verify_mode = OpenSSL::SSL:...
Critical | Unreviewed | CVE-2014-8164 was published Jul 7, 2022

The httplib and urllib Python libraries that Splunk shipped with Splunk Enterprise did not...
Critical | Unreviewed | CVE-2022-32151 was published Jun 16, 2022

In Splunk Enterprise and Universal Forwarder versions before 9.0, the Splunk command-line...
Critical | Unreviewed | CVE-2022-32156 was published Jun 16, 2022

The D-Link DIR-615 device before v20.12PTb04 doesn't use SSL for any of the authenticated pages....
Critical | Unreviewed | CVE-2017-7406 was published May 24, 2022

The Zoom Client for Meetings for Windows in all versions before 5.3.0 fails to properly validate...
Critical | Unreviewed | CVE-2021-33907 was published May 24, 2022

Potentially, SAP Cloud Connector, version - 2.0 communication with the backend is accepted...
Critical | Unreviewed | CVE-2021-33695 was published May 24, 2022

Due to Manage Engine Asset Explorer Agent 1.0.34 not validating HTTPS certificates, an attacker...
Critical | Unreviewed | CVE-2021-20110 was published May 24, 2022

While processing server certificate from IPSec server, certificate validation for subject...
Critical | Unreviewed | CVE-2020-11176 was published May 24, 2022

Incorrect SSL certificate validation in Nagios Fusion 4.1.8 and earlier allows for Escalation of...
Critical | Unreviewed | CVE-2020-28907 was published May 24, 2022

The Motorola MH702x devices, prior to version 2.0.0.301, do not properly verify the server...
Critical | Unreviewed | CVE-2021-3460 was published May 24, 2022

DoTls13CertificateVerify in tls13.c in wolfSSL through 4.6.0 does not cease processing for...
Critical | Unreviewed | CVE-2021-3336 was published May 24, 2022

Improper certificate validation vulnerability in OpenVPN client in Synology Router Manager (SRM)...
Critical | Unreviewed | CVE-2020-27649 was published May 24, 2022

Improper certificate validation vulnerability in OpenVPN client in Synology DiskStation Manager ...
Critical | Unreviewed | CVE-2020-27648 was published May 24, 2022

A certificate validation issue existed when processing administrator added certificates. This...
Critical | Unreviewed | CVE-2020-9868 was published May 24, 2022

An issue was discovered in openfortivpn 1.11.0 when used with OpenSSL before 1.0.2. tunnel.c...
Critical | Unreviewed | CVE-2020-7043 was published May 24, 2022

European Commission eIDAS-Node Integration Package before 2.3.1 allows Certificate Faking because...
Critical | Unreviewed | CVE-2019-18632 was published May 24, 2022

European Commission eIDAS-Node Integration Package before 2.3.1 has Missing Certificate...
Critical | Unreviewed | CVE-2019-18633 was published May 24, 2022

ProTip! Advisories are also available from the GraphQL API.