Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,373
Erlang
33
GitHub Actions
22
Go
2,135
Maven
5,000+
npm
3,797
NuGet
687
pip
3,478
Pub
12
RubyGems
896
Rust
897
Swift
38
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

413 advisories

Loading
IBM WebSphere MQ 8.0 and 9.0 could allow a remote attacker to obtain sensitive information,... Moderate Unreviewed
CVE-2018-1543 was published May 13, 2022
A vulnerability in the Cisco Smart Call Home feature of Cisco IOS and IOS XE Software could allow... Moderate Unreviewed
CVE-2019-1757 was published May 13, 2022
Kubevirt/virt-cdi-importer, versions 1.4.0 to 1.5.3 inclusive, were reported to disable TLS... Moderate Unreviewed
CVE-2019-3841 was published May 13, 2022
Cyberduck before 4.4.4 on Windows does not properly validate X.509 certificate chains, which... Moderate Unreviewed
CVE-2014-2845 was published May 13, 2022
Shotwell version 0.22.0 (and possibly other versions) is vulnerable to a TLS/SSL certification... Moderate Unreviewed
CVE-2016-1000033 was published May 13, 2022
Google Chrome before 18.0.1025.142 does not properly check X.509 certificates before use of a... Moderate Unreviewed
CVE-2011-3061 was published May 13, 2022
Google Chrome before 17.0.963.56 allows remote attackers to cause a denial of service ... Moderate Unreviewed
CVE-2011-3024 was published May 13, 2022
Google Chrome before 14.0.835.163 does not perform an expected pin operation for a self-signed... Moderate Unreviewed
CVE-2011-2874 was published May 13, 2022
Cisco IOS before 15.0(1)XA1 does not clear the public key cache upon a change to a certificate... Moderate Unreviewed
CVE-2010-4685 was published May 13, 2022
The Space Coast Credit Union Mobile app 2.2 for iOS and 2.1.0.1104 for Android does not verify X... Moderate Unreviewed
CVE-2017-3212 was published May 13, 2022
The PayQuicker app 1.0.0 for iOS does not verify X.509 certificates from SSL servers, which... Moderate Unreviewed
CVE-2017-5902 was published May 13, 2022
The Dollar Bank Mobile app 2.6.3 for iOS does not verify X.509 certificates from SSL servers,... Moderate Unreviewed
CVE-2017-5905 was published May 13, 2022
The "PCB Mobile" by Phelps County Bank app 3.0.2 -- aka pcb-mobile/id436891295 for iOS does not... Moderate Unreviewed
CVE-2017-9591 was published May 13, 2022
The "Community State Bank - Lamar Mobile Banking" by Community State Bank - Lamar app 3.0.3 --... Moderate Unreviewed
CVE-2017-9585 was published May 13, 2022
Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3,... Moderate Unreviewed
CVE-2013-0776 was published May 13, 2022
Prior to v 7.6, the Install Norton Security (INS) product can be susceptible to a certificate... Moderate Unreviewed
CVE-2017-15528 was published May 13, 2022
The apt package in Debian jessie before 1.0.9.8.4, in Debian unstable before 1.4~beta2, in Ubuntu... Moderate Unreviewed
CVE-2016-1252 was published May 13, 2022
The ServerTrustManager component in the Ignite Realtime Smack XMPP API before 4.0.0-rc1 does not... Moderate Unreviewed
CVE-2014-0363 was published May 13, 2022
Sushiro App for iOS 2.1.16 and earlier and Sushiro App for Android 2.1.16.1 and earlier do not... Moderate Unreviewed
CVE-2016-4830 was published May 13, 2022
The Radio Javan app 9.3.4 through 9.6.1 for iOS does not verify X.509 certificates from SSL... Moderate Unreviewed
CVE-2017-8938 was published May 13, 2022
MaLion for Mac 4.3.0 to 5.2.1 does not properly validate certificates, which may allow an... Moderate Unreviewed
CVE-2017-10819 was published May 13, 2022
The DOT IT Banque Zitouna app 2.1 for iOS does not verify X.509 certificates from SSL servers,... Moderate Unreviewed
CVE-2017-5914 was published May 13, 2022
Polycom VVX 500 and 601 devices 5.8.0.12848 and earlier allows man-in-the-middle attackers to... Moderate Unreviewed
CVE-2018-18568 was published May 13, 2022
The MoboTap Dolphin Web Browser - Fast Private Internet Search app 9.23.0 through 9.23.2 for iOS... Moderate Unreviewed
CVE-2017-8936 was published May 13, 2022
Acceptance of invalid/self-signed TLS certificates in "Panda Mobile Security" 1.1 for iOS allows... Moderate Unreviewed
CVE-2017-8060 was published May 13, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database