GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
15 advisories
in-toto: PGP trust model not (fully) considered
Moderate. GHSA-jjgp-whrp-gq8m was published for in-toto (pip), May 11, 2023

Restkit Does Not Validate TLS certificates
Moderate. CVE-2015-2674 was published for restkit (pip), May 17, 2022

Allegro Tech BigFlow vulnerable to Missing SSL Certificate Validation
Moderate. CVE-2023-25392 was published for bigflow (pip), Apr 10, 2023

ovirt-engine-sdk-python improper validation of hostname in x.509 certificate
Moderate. CVE-2014-0161 was published for ovirt-engine-sdk-python (pip), May 17, 2022

Apache Airflow missing Certificate Validation
Moderate. CVE-2023-39441 was published for apache-airflow (pip), Aug 23, 2023

SaltStack Salt Improper Certificate Validation
Moderate. CVE-2020-28972 was published for salt (pip), May 24, 2022

Mercurial Improper Certificate Validation vulnerability
Moderate. CVE-2010-4237 was published for mercurial (pip), Apr 21, 2022

OpenStack Keystone and other components vulnerable to Improper Certificate Validation
Moderate. CVE-2013-2255 was published for cinder (pip), May 5, 2022

Using default SSLContext for HTTPS requests in an HTTPS proxy doesn't verify certificate hostname for proxy connection
Moderate. CVE-2021-28363 was published for urllib3 (pip), Mar 19, 2021

Apache Libcloud vulnerable to certificate impersonation
Moderate. CVE-2012-3446 was published for apache-libcloud (pip), May 17, 2022

Improper certificate management in AWS IoT Device SDK v2
Moderate. CVE-2021-40829 was published for aws-iot-device-sdk-v2 (Maven), Nov 24, 2021

Improper certificate management in AWS IoT Device SDK v2
Moderate. CVE-2021-40831 was published for aws-iot-device-sdk-v2 (Maven), Nov 24, 2021

Improper certificate management in AWS IoT Device SDK v2
Moderate. CVE-2021-40830 was published for aws-iot-device-sdk-v2 (Maven), Nov 24, 2021

Improper certificate management in AWS IoT Device SDK v2
Moderate. CVE-2021-40828 was published for aws-iot-device-sdk-v2 (Maven), Nov 24, 2021

Data leakage via cache key collision in Django
Moderate. CVE-2020-13254 was published for Django (pip), Jun 5, 2020