GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
41 advisories
Moderate severity vulnerability that affects splunk-sdk
High | CVE-2019-5729 was published for splunk-sdk (pip) | Mar 25, 2019

Improper Certificate Validation in pyload-ng
High | CVE-2023-0509 was published for pyload-ng (pip) | Jan 27, 2023

Apache Pulsar Disabled Certificate Validation for OAuth Client Credential Requests makes C++/Python Clients vulnerable to MITM attack
High | CVE-2022-33684 was published for pulsar-client (pip) | Nov 4, 2022

python-scciclient vulnerable to Man-in-the-middle (MITM) attacks
High | CVE-2022-2996 was published for python-scciclient (pip) | Sep 2, 2022

Slixmpp lacks SSL Certificate hostname validation in XMLStream
High | CVE-2022-45197 was published for slixmpp (pip) | Dec 25, 2022

in-toto: PGP trust model not (fully) considered
Moderate | GHSA-jjgp-whrp-gq8m was published for in-toto (pip) | May 11, 2023

Scalyr Agent 2 Missing SSL Certificate Validation
Critical | CVE-2020-24715 was published for scalyr-agent-2 (pip) | May 24, 2022

Improper Certificate Validation in Twisted
High | CVE-2019-12855 was published for twisted (pip) | Aug 16, 2019

Python Twisted trustRoot is not respected in HTTP client
High | CVE-2014-7143 was published for twisted (pip) | Dec 17, 2019

Restkit Does Not Validate TLS certificates
Moderate | CVE-2015-2674 was published for restkit (pip) | May 17, 2022

Allegro Tech BigFlow vulnerable to Missing SSL Certificate Validation
Moderate | CVE-2023-25392 was published for bigflow (pip) | Apr 10, 2023

ovirt-engine-sdk-python improper validation of hostname in x.509 certificate
Moderate | CVE-2014-0161 was published for ovirt-engine-sdk-python (pip) | May 17, 2022

Improper Certificate Validation in urllib3
High | CVE-2019-11324 was published for urllib3 (pip) | Apr 19, 2019

Sydent does not verify email server certificates
Critical | CVE-2023-38686 was published for matrix-sydent (pip) | Jul 31, 2023

Missing SSL certificate validation in localstack
High | CVE-2023-48054 was published for localstack (pip) | Nov 16, 2023

Urllib3 Incorrect Certificate Validation
Low | CVE-2016-9015 was published for urllib3 (pip) | May 17, 2022

Apache Airflow missing Certificate Validation
Moderate | CVE-2023-39441 was published for apache-airflow (pip) | Aug 23, 2023

SaltStack Salt Improper Certificate Validation
Moderate | CVE-2020-28972 was published for salt (pip) | May 24, 2022

Yelp OSXCollector Improper Certificate Validation
High | CVE-2018-10406 was published for osxcollector (pip) | May 13, 2022

Scalyr Agent Missing SSL Certificate Validation
Critical | CVE-2020-24714 was published for scalyr-agent-2 (pip) | May 24, 2022

Salt vulnerable to Improper Certificate Validation
High | CVE-2015-4017 was published for salt (pip) | May 14, 2022

SaltStack Salt Improper SSL Certificate Validation
High | CVE-2020-35662 was published for salt (pip) | May 24, 2022

Mercurial Improper Certificate Validation vulnerability
Moderate | CVE-2010-4237 was published for mercurial (pip) | Apr 21, 2022

OpenStack Keystone and other components vulnerable to Improper Certificate Validation
Moderate | CVE-2013-2255 was published for cinder (pip) | May 5, 2022

Using default SSLContext for HTTPS requests in an HTTPS proxy doesn't verify certificate hostname for proxy connection
Moderate | CVE-2021-28363 was published for urllib3 (pip) | Mar 19, 2021
ProTip! Advisories are also available from the GraphQL API.