GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
480 advisories
Apache Bookkeeper vulnerable to Improper Certificate Validation
Moderate | CVE-2022-32531 was published for org.apache.bookkeeper:bookkeeper-common (Maven) | Dec 15, 2022

If the user added a security exception for an invalid TLS certificate, opened an ongoing TLS...
Moderate | Unreviewed | CVE-2022-45419 was published | Dec 22, 2022

When displaying the sender of an email, and the sender name contained the Braille Pattern Blank...
Moderate | Unreviewed | CVE-2022-1834 was published | Dec 22, 2022

After accepting an untrusted certificate, handling an empty pkcs7 sequence as part of the...
Moderate | Unreviewed | CVE-2022-22747 was published | Dec 22, 2022

When importing a revoked key that specified key compromise as the revocation reason, Thunderbird...
Moderate | Unreviewed | CVE-2022-1197 was published | Dec 22, 2022

Rapid7 Nexpose and InsightVM versions 6.6.82 through 6.6.177 fail to validate the certificate of...
Moderate | Unreviewed | CVE-2022-3913 was published | Feb 2, 2023

BTicino Door Entry HOMETOUCH for iOS 1.4.2 was discovered to be missing an SSL certificate.
Moderate | Unreviewed | CVE-2022-46496 was published | Feb 7, 2023

Dell System Update, version 2.0.0 and earlier, contains an Improper Certificate Validation in...
Moderate | Unreviewed | CVE-2022-34404 was published | Feb 11, 2023

Ichiran App for iOS versions prior to 3.1.0 and Ichiran App for Android versions prior to 3.1.0...
Moderate | Unreviewed | CVE-2023-22367 was published | Feb 13, 2023

In Splunk Add-on Builder (AoB) versions below 4.1.2 and the Splunk CloudConnect SDK versions...
Moderate | Unreviewed | CVE-2023-22943 was published | Feb 14, 2023

Improper Validation of Certificate with Host Mismatch vulnerability in Gotham Chat IRC helper of...
Moderate | Unreviewed | CVE-2022-48306 was published | Feb 16, 2023

A flaw was found in RHDS 11 and RHDS 12. While browsing entries LDAP tries to decode the...
Moderate | Unreviewed | CVE-2023-1055 was published | Feb 28, 2023

Applications that use a non-default option when verifying certificates may be vulnerable to an...
Moderate | Unreviewed | CVE-2023-0465 was published | Mar 28, 2023

The function X509_VERIFY_PARAM_add0_policy() is documented to implicitly enable the certificate...
Moderate | Unreviewed | CVE-2023-0466 was published | Mar 28, 2023

Allegro Tech BigFlow vulnerable to Missing SSL Certificate Validation
Moderate | CVE-2023-25392 was published for bigflow (pip) | Apr 10, 2023

A vulnerability has been identified in SIMATIC IPC1047 (All versions), SIMATIC IPC1047E (All...
Moderate | Unreviewed | CVE-2023-23588 was published | Apr 11, 2023

An issue was discovered in x509/x509_verify.c in LibreSSL before 3.6.1, and in OpenBSD before 7.2...
Moderate | Unreviewed | CVE-2022-48437 was published | Apr 12, 2023

Jenkins NeuVector Vulnerability Scanner Plugin disables SSL/TLS certificate and hostname validation
Moderate | CVE-2023-30517 was published for io.jenkins.plugins:neuvector-vulnerability-scanner (Maven) | Apr 12, 2023

Jenkins Image Tag Parameter Plugin improperly introduces option to opt out of SSL/TLS certificate validation
Moderate | CVE-2023-30516 was published for org.jenkins-ci.plugins:image-tag-parameter (Maven) | Apr 12, 2023

GitLab::API::v4 through 0.26 does not verify TLS certificates when connecting to a GitLab server,...
Moderate | Unreviewed | CVE-2023-31485 was published | Apr 29, 2023

IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0, and IBM WebSphere Application Server Liberty...
Moderate | Unreviewed | CVE-2022-39161 was published | May 3, 2023

Improper following of a certificate's chain of trust exists in SkyBridge MB-A200 firmware Ver. 01...
Moderate | Unreviewed | CVE-2023-23901 was published | May 10, 2023

An Improper Certificate Validation vulnerability in the Schweitzer Engineering Laboratories...
Moderate | Unreviewed | CVE-2023-31151 was published | May 10, 2023

in-toto: PGP trust model not (fully) considered
Moderate | GHSA-jjgp-whrp-gq8m was published for in-toto (pip) | May 11, 2023

Jenkins SAML Single Sign On(SSO) Plugin unconditionally disables SSL/TLS certificate validation
Moderate | CVE-2023-32994 was published for io.jenkins.plugins:miniorange-saml-sp (Maven) | May 16, 2023