GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
482 advisories
BTicino Door Entry HOMETOUCH for iOS 1.4.2 was discovered to be missing an SSL certificate.
Moderate
Unreviewed
CVE-2022-46496
was published
Feb 7, 2023
Rapid7 Nexpose and InsightVM versions 6.6.82 through 6.6.177 fail to validate the certificate of...
Moderate
Unreviewed
CVE-2022-3913
was published
Feb 2, 2023
When importing a revoked key that specified key compromise as the revocation reason, Thunderbird...
Moderate
Unreviewed
CVE-2022-1197
was published
Dec 22, 2022
When displaying the sender of an email, and the sender name contained the Braille Pattern Blank...
Moderate
Unreviewed
CVE-2022-1834
was published
Dec 22, 2022
After accepting an untrusted certificate, handling an empty pkcs7 sequence as part of the...
Moderate
Unreviewed
CVE-2022-22747
was published
Dec 22, 2022
If the user added a security exception for an invalid TLS certificate, opened an ongoing TLS...
Moderate
Unreviewed
CVE-2022-45419
was published
Dec 22, 2022
Apache Bookkeeper vulnerable to Improper Certificate Validation
Moderate
CVE-2022-32531
was published
for
org.apache.bookkeeper:bookkeeper-common
(Maven)
Dec 15, 2022
Traefik routes exposed with an empty TLSOption
Moderate
CVE-2022-46153
was published
for
github.com/traefik/traefik/v2
(Go)
Dec 8, 2022
Jenkins NS-ND Integration Performance Publisher Plugin disables SSL/TLS certificate validation globally and unconditionally
Moderate
CVE-2022-45391
was published
for
io.jenkins.plugins:cavisson-ns-nd-integration
(Maven)
Nov 16, 2022
SSL/TLS certificate validation unconditionally disabled by Jenkins NS-ND Integration Performance Publisher Plugin
Moderate
CVE-2022-38666
was published
for
org.jenkins-ci.main:cavisson-ns-nd-integration
(Maven)
Nov 16, 2022
Improper Certificate Validation in Liferay Portal
Moderate
CVE-2022-42131
was published
for
com.liferay.portal:release.portal.bom
(Maven)
Nov 15, 2022
Apache Pulsar Broker, Proxy, and WebSocket Proxy vulnerable to Improper Certificate Validation
Moderate
CVE-2022-33682
was published
for
org.apache.pulsar:pulsar-broker
(Maven)
Sep 25, 2022
Apache Pulsar Java Client vulnerable to Improper Certificate Validation
Moderate
CVE-2022-33681
was published
for
org.apache.pulsar:pulsar-client
(Maven)
Sep 25, 2022
Apache Pulsar Brokers and Proxies vulnerable to Improper Certificate Validation
Moderate
CVE-2022-33683
was published
for
org.apache.pulsar:pulsar-broker
(Maven)
Sep 25, 2022
Velneo vClient on its 28.1.3 version, does not correctly check the certificate of authenticity by...
Moderate
Unreviewed
CVE-2021-45035
was published
Sep 25, 2022
An Improper Certificate Validation attack was found in Openshift. A re-encrypt Route with...
Moderate
Unreviewed
CVE-2022-1632
was published
Sep 2, 2022
Odyssey passes to client unencrypted bytes from man-in-the-middle When Odyssey storage is...
Moderate
Unreviewed
CVE-2021-43767
was published
Aug 26, 2022
A flaw was found in openCryptoki. The openCryptoki Soft token does not check if an EC key is...
Moderate
Unreviewed
CVE-2021-3798
was published
Aug 24, 2022
Keycloak vulnerable to Improper Certificate Validation
Moderate
CVE-2020-35509
was published
for
org.keycloak:keycloak-core
(Maven)
Aug 24, 2022
'Hulu / フールー' App for iOS versions prior to 3.0.81 improperly verifies server certificates, which...
Moderate
Unreviewed
CVE-2022-34156
was published
Aug 17, 2022
Jenkins Git client plugin 3.11.0 does not perform SSH host key verification
Moderate
CVE-2022-36881
was published
for
org.jenkins-ci.plugins:git-client
(Maven)
Jul 28, 2022
An improper validation of certificate with host mismatch in Fortinet FortiTokenAndroid version 5.0...
Moderate
Unreviewed
CVE-2021-22131
was published
Jul 19, 2022
Multiple vulnerabilities in the API and in the web-based management interface of Cisco Expressway...
Moderate
Unreviewed
CVE-2022-20813
was published
Jul 7, 2022
'Mobaoku-Auction&Flea Market' App for iOS versions prior to 5.5.16 improperly verifies server...
Moderate
Unreviewed
CVE-2022-29482
was published
Jun 15, 2022
An issue was discovered in Pidgin before 2.14.9. A remote attacker who can spoof DNS responses...
Moderate
Unreviewed
CVE-2022-26491
was published
Jun 3, 2022