GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,081
Erlang
29
GitHub Actions
19
Go
1,909
Maven
5,000+
npm
3,642
NuGet
638
pip
3,258
Pub
10
RubyGems
869
Rust
820
Swift
35
Unreviewed advisories
All unreviewed
5,000+
931 advisories
Filter by severity
IBM Security Verify Access Appliance 10.0.0 through 10.0.7 could allow a malicious actor to...
High
Unreviewed
CVE-2024-31872
was published
Apr 10, 2024
IBM Security Verify Access Appliance 10.0.0 through 10.0.7 could allow a malicious actor to...
High
Unreviewed
CVE-2024-31871
was published
Apr 10, 2024
PDF-XChange Editor Updater Improper Certificate Validation Remote Code Execution Vulnerability....
High
Unreviewed
CVE-2024-27323
was published
Apr 2, 2024
Serverpod client accepts any certificate
High
CVE-2024-29887
was published
for
serverpod_client
(Pub)
Mar 28, 2024
The Toyoko Inn official App for iOS versions prior to 1.13.0 and Toyoko Inn official App for...
Moderate
Unreviewed
CVE-2024-27440
was published
Mar 13, 2024
Under certain configurations of --tlsCAFile and tls.CAFile, MongoDB Server may skip peer...
High
Unreviewed
CVE-2024-1351
was published
Mar 7, 2024
Incorrect TLS certificate auth method in Vault
High
CVE-2024-2048
was published
for
github.com/hashicorp/vault
(Go)
Mar 4, 2024
IBM QRadar Suite Products 1.10.12.0 through 1.10.18.0 and IBM Cloud Pak for Security 1.10.0.0...
Moderate
Unreviewed
CVE-2023-47742
was published
Mar 3, 2024
Improper Certificate Validation in apache airflow mongo hook
Critical
CVE-2024-25141
was published
for
apache-airflow-providers-mongo
(pip)
Feb 20, 2024
Improper Certificate Validation in Apache DolphinScheduler
High
CVE-2023-49250
was published
for
org.apache.dolphinscheduler:dolphinscheduler
(Maven)
Feb 20, 2024
In ca-certificates, there is a possible way to read encrypted TLS data due to untrusted...
High
Unreviewed
CVE-2023-40104
was published
Feb 16, 2024
An improper certificate validation vulnerability in Fortinet FortiOS 7.0.0 - 7.0.13, 7.2.0 - 7.2...
Moderate
Unreviewed
CVE-2023-47537
was published
Feb 15, 2024
Due to improper validation of certificate in SAP Cloud Connector - version 2.0, attacker can...
High
Unreviewed
CVE-2024-25642
was published
Feb 13, 2024
IBM SAN Volume Controller, IBM Storwize, IBM FlashSystem and IBM Storage Virtualize 8.6 products...
Moderate
Unreviewed
CVE-2023-47700
was published
Feb 7, 2024
IBM Security Verify Access 10.0.0.0 through 10.0.6.1 uses insecure calls that could allow an...
High
Unreviewed
CVE-2023-32330
was published
Feb 7, 2024
IBM Security Verify Access 10.0.0.0 through 10.0.6.1 could allow a privileged user to install a...
High
Unreviewed
CVE-2023-43017
was published
Feb 7, 2024
A default installation of RustDesk 1.2.3 on Windows places a WDKTestCert certificate under...
Critical
Unreviewed
CVE-2024-25140
was published
Feb 6, 2024
Boundary vulnerable to session hijacking through TLS certificate tampering
High
CVE-2024-1052
was published
for
github.com/hashicorp/boundary
(Go)
Feb 5, 2024
curl inadvertently kept the SSL session ID for connections in its cache even when the verify...
Moderate
Unreviewed
CVE-2024-0853
was published
Feb 3, 2024
Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite,...
High
Unreviewed
CVE-2020-29504
was published
Feb 2, 2024
In Zscaler Internet Access (ZIA) a mismatch between Connect Host and Client Hello's Server Name...
Moderate
Unreviewed
CVE-2023-28807
was published
Jan 31, 2024
SSL connections to NOVELL and Synology LDAP server are vulnerable to a man-in-the-middle attack...
Critical
Unreviewed
CVE-2023-50356
was published
Jan 31, 2024
Ylianst MeshCentral Missing SSL Certificate Validation
Critical
CVE-2023-51837
was published
for
meshcentral
(npm)
Jan 30, 2024
SpliceCom Maximiser Soft PBX v1.5 and before was discovered to utilize a default SSL certificate....
Moderate
Unreviewed
CVE-2023-33760
was published
Jan 25, 2024
A lack of SSL certificate validation in Splicecom iPCS (iOS App) v1.3.4, iPCS2 (iOS App) v2.8 and...
Moderate
Unreviewed
CVE-2023-33757
was published
Jan 25, 2024
ProTip!
Advisories are also available from the
GraphQL API