Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,856
Erlang
36
GitHub Actions
36
Go
2,488
Maven
5,000+
npm
4,104
NuGet
735
pip
3,923
Pub
12
RubyGems
945
Rust
1,017
Swift
39
Unreviewed advisories
All unreviewed
5,000+

1,095 advisories

Loading
ALPACA is an application layer protocol content confusion attack, exploiting TLS servers... High Unreviewed
CVE-2021-3618 was published Mar 24, 2022
A flaw was found in Cockpit in versions prior to 260 in the way it handles the certificate... High Unreviewed
CVE-2021-3698 was published Mar 11, 2022
Improper check for certificate revocation in i-FILTER Ver.10.45R01 and earlier, i-FILTER Ver.9... Moderate Unreviewed
CVE-2022-21170 was published Mar 11, 2022
"Vault and Vault Enterprise 1.8.0 through 1.8.8, and 1.9.3 allowed the PKI secrets engine under... Moderate Unreviewed
CVE-2022-25243 was published Mar 11, 2022
A vulnerability has been identified in RUGGEDCOM ROS M2100 (All versions < V5.6.0), RUGGEDCOM ROS... Moderate Unreviewed
CVE-2021-42017 was published Mar 9, 2022
In spring cloud gateway versions prior to 3.1.1+ , applications that are configured to enable... Moderate Unreviewed
CVE-2022-22946 was published Mar 5, 2022
LibreOffice supports digital signatures of ODF documents and macros within documents, presenting... High Unreviewed
CVE-2021-25636 was published Feb 25, 2022
In wolfSSL before 5.2.0, certificate validation may be bypassed during attempted authentication... Moderate Unreviewed
CVE-2022-25638 was published Feb 25, 2022
Node.js < 12.22.9, < 14.18.3, < 16.13.2, and < 17.3.1 converts SANs (Subject Alternative Names)... Moderate Unreviewed
CVE-2021-44532 was published Feb 25, 2022
Accepting arbitrary Subject Alternative Name (SAN) types, unless a PKI is specifically defined to... High Unreviewed
CVE-2021-44531 was published Feb 25, 2022
Improper Certificate Validation in Cosign Low
CVE-2022-23649 was published for github.com/sigstore/cosign (Go) Feb 22, 2022
znewman01 dlorenc
mattmoor priyawadhwa mtrmac nsmith5
Pexip Infinity Connect before 1.8.0 mishandles TLS certificate validation. The allow list is not... Critical Unreviewed
CVE-2021-29656 was published Feb 19, 2022
Improper Certificate Validation in Hutool Critical
CVE-2022-22885 was published for cn.hutool:hutool-http (Maven) Feb 17, 2022
Improper Validation of Certificate with Host Mismatch in mellium.im/xmpp/websocket Moderate
CVE-2022-24968 was published for mellium.im/xmpp (Go) Feb 16, 2022
moparisthebest
Skip the router TLS configuration when the host header is an FQDN High
CVE-2022-23632 was published for github.com/traefik/traefik/v2 (Go) Feb 16, 2022
bawolff
Authentication bypass by capture-replay in github.com/cosmos/ethermint High
CVE-2021-25835 was published for github.com/cosmos/ethermint (Go) Feb 15, 2022
Duplicate Advisory: TLS certificate validation error in mellium.im/xmpp Moderate
GHSA-m658-p24x-p74r was published for mellium.im/xmpp (Go) Feb 12, 2022 withdrawn
In Preloader XFLASH, there is a possible escalation of privilege due to an improper certificate... Moderate Unreviewed
CVE-2022-20034 was published Feb 11, 2022
A CWE-295: Improper Certificate Validation vulnerability exists that could allow a Man-in... Moderate Unreviewed
CVE-2022-24320 was published Feb 11, 2022
A CWE-295: Improper Certificate Validation vulnerability exists that could allow a Man-in... Moderate Unreviewed
CVE-2022-24319 was published Feb 11, 2022
Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers... High Unreviewed
CVE-2022-20703 was published Feb 11, 2022
Improper Certificate Validation in Graylog High
CVE-2020-15813 was published for org.graylog:graylog-parent (Maven) Feb 10, 2022
Apache Geode SSL endpoint verification vulnerability High
CVE-2019-10091 was published for org.apache.geode:geode-core (Maven) Feb 10, 2022
A misconfiguration exists in the MQTTS functionality of Sealevel Systems, Inc. SeaConnect 370W v1... High Unreviewed
CVE-2021-21959 was published Feb 10, 2022
Improper Certificate Validation in node-sass Moderate
CVE-2020-24025 was published for node-sass (npm) Feb 9, 2022
tdunlap607
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database