GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 20,135
Composer 4,081
Erlang 29
GitHub Actions 19
Go 1,909
Maven 5,106
npm 3,642
NuGet 638
pip 3,258
Pub 10
RubyGems 869
Rust 820
Swift 35

Unreviewed advisories

All unreviewed 229,032

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

480 advisories

Filter by severity

Sort by

Least recently updated

Apache Bookkeeper vulnerable to Improper Certificate Validation Moderate

CVE-2022-32531 was published for org.apache.bookkeeper:bookkeeper-common (Maven) Dec 15, 2022

If the user added a security exception for an invalid TLS certificate, opened an ongoing TLS... Moderate Unreviewed

CVE-2022-45419 was published Dec 22, 2022

When displaying the sender of an email, and the sender name contained the Braille Pattern Blank... Moderate Unreviewed

CVE-2022-1834 was published Dec 22, 2022

After accepting an untrusted certificate, handling an empty pkcs7 sequence as part of the... Moderate Unreviewed

CVE-2022-22747 was published Dec 22, 2022

When importing a revoked key that specified key compromise as the revocation reason, Thunderbird... Moderate Unreviewed

CVE-2022-1197 was published Dec 22, 2022

Rapid7 Nexpose and InsightVM versions 6.6.82 through 6.6.177 fail to validate the certificate of... Moderate Unreviewed

CVE-2022-3913 was published Feb 2, 2023

BTicino Door Entry HOMETOUCH for iOS 1.4.2 was discovered to be missing an SSL certificate. Moderate Unreviewed

CVE-2022-46496 was published Feb 7, 2023

Dell System Update, version 2.0.0 and earlier, contains an Improper Certificate Validation in... Moderate Unreviewed

CVE-2022-34404 was published Feb 11, 2023

Ichiran App for iOS versions prior to 3.1.0 and Ichiran App for Android versions prior to 3.1.0... Moderate Unreviewed

CVE-2023-22367 was published Feb 13, 2023

In Splunk Add-on Builder (AoB) versions below 4.1.2 and the Splunk CloudConnect SDK versions... Moderate Unreviewed

CVE-2023-22943 was published Feb 14, 2023

Improper Validation of Certificate with Host Mismatch vulnerability in Gotham Chat IRC helper of... Moderate Unreviewed

CVE-2022-48306 was published Feb 16, 2023

A flaw was found in RHDS 11 and RHDS 12. While browsing entries LDAP tries to decode the... Moderate Unreviewed

CVE-2023-1055 was published Feb 28, 2023

Applications that use a non-default option when verifying certificates may be vulnerable to an... Moderate Unreviewed

CVE-2023-0465 was published Mar 28, 2023

The function X509_VERIFY_PARAM_add0_policy() is documented to implicitly enable the certificate... Moderate Unreviewed

CVE-2023-0466 was published Mar 28, 2023

Allegro Tech BigFlow vulnerable to Missing SSL Certificate Validation Moderate

CVE-2023-25392 was published for bigflow (pip) Apr 10, 2023

A vulnerability has been identified in SIMATIC IPC1047 (All versions), SIMATIC IPC1047E (All... Moderate Unreviewed

CVE-2023-23588 was published Apr 11, 2023

An issue was discovered in x509/x509_verify.c in LibreSSL before 3.6.1, and in OpenBSD before 7.2... Moderate Unreviewed

CVE-2022-48437 was published Apr 12, 2023

Jenkins NeuVector Vulnerability Scanner Plugin disables SSL/TLS certificate and hostname validation Moderate

CVE-2023-30517 was published for io.jenkins.plugins:neuvector-vulnerability-scanner (Maven) Apr 12, 2023

Jenkins Image Tag Parameter Plugin improperly introduces option to opt out of SSL/TLS certificate validation Moderate

CVE-2023-30516 was published for org.jenkins-ci.plugins:image-tag-parameter (Maven) Apr 12, 2023

GitLab::API::v4 through 0.26 does not verify TLS certificates when connecting to a GitLab server,... Moderate Unreviewed

CVE-2023-31485 was published Apr 29, 2023

IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0, and IBM WebSphere Application Server Liberty... Moderate Unreviewed

CVE-2022-39161 was published May 3, 2023

Improper following of a certificate's chain of trust exists in SkyBridge MB-A200 firmware Ver. 01... Moderate Unreviewed

CVE-2023-23901 was published May 10, 2023

An Improper Certificate Validation vulnerability in the Schweitzer Engineering Laboratories... Moderate Unreviewed

CVE-2023-31151 was published May 10, 2023

in-toto: PGP trust model not (fully) considered Moderate

GHSA-jjgp-whrp-gq8m was published for in-toto (pip) May 11, 2023

Jenkins SAML Single Sign On(SSO) Plugin unconditionally disables SSL/TLS certificate validation Moderate

CVE-2023-32994 was published for io.jenkins.plugins:miniorange-saml-sp (Maven) May 16, 2023

Previous 1 2 … 15 16 17 18 19 20 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

480 advisories