GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
413 advisories
Puppet Enterprise 3.7.x and 3.8.0 might allow remote authenticated users to manage certificates...
Moderate | Unreviewed | CVE-2015-4100 was published May 24, 2022
IBM QRadar SIEM 7.2.8 WinCollect could allow an attacker to obtain sensitive information by...
Moderate | Unreviewed | CVE-2019-4264 was published May 24, 2022
CertificatePinner.java in OkHttp 3.x through 3.12.0 allows man-in-the-middle attackers to bypass...
Moderate | Unreviewed | CVE-2018-20200 was published May 24, 2022
Improper certificate validation vulnerability in SMTP Client allows man-in-the-middle attack to...
Moderate | Unreviewed | CVE-2021-23167 was published May 24, 2022
Insufficient validation of the AMD SEV Signing Key (ASK) in the SEND_START command in the SEV...
Moderate | Unreviewed | CVE-2021-26320 was published May 24, 2022
An improper validation of certificate with host mismatch [CWE-297] vulnerability in FortiOS...
Moderate | Unreviewed | CVE-2021-41019 was published May 24, 2022
A certificate validation vulnerability in PCM600 Update Manager allows attacker to get unwanted...
Moderate | Unreviewed | CVE-2021-22278 was published May 24, 2022
CFEngine Enterprise 3.15.0 through 3.15.4 has Missing SSL Certificate Validation.
Moderate | Unreviewed | CVE-2021-36756 was published May 24, 2022
Adobe Experience Manager version 6.5.9.0 (and earlier) is affected by an improper certificate...
Moderate | Unreviewed | CVE-2021-40713 was published May 24, 2022
IBM Security Verify Bridge 1.0.5.0 does not properly validate a certificate which could allow a...
Moderate | Unreviewed | CVE-2021-20435 was published May 24, 2022
A certificate validation issue was addressed. This issue is fixed in iOS 14.5 and iPadOS 14.5. An...
Moderate | Unreviewed | CVE-2021-1837 was published May 24, 2022
In GNOME grilo through 0.3.13, grl-net-wc.c does not enable TLS certificate verification on the...
Moderate | Unreviewed | CVE-2021-39365 was published May 24, 2022
An issue was discovered in Mbed TLS before 2.24.0. The verification of X.509 certificates when...
Moderate | Unreviewed | CVE-2020-36477 was published May 24, 2022
In GNOME libgfbgraph through 0.2.4, gfbgraph-photo.c does not enable TLS certificate verification...
Moderate | Unreviewed | CVE-2021-39358 was published May 24, 2022
In GNOME libzapojit through 0.0.3, zpj-skydrive.c does not enable TLS certificate verification on...
Moderate | Unreviewed | CVE-2021-39360 was published May 24, 2022
In GNOME libgda through 6.0.0, gda-web-provider.c does not enable TLS certificate verification on...
Moderate | Unreviewed | CVE-2021-39359 was published May 24, 2022
In GNOME evolution-rss through 0.3.96, network-soup.c does not enable TLS certificate...
Moderate | Unreviewed | CVE-2021-39361 was published May 24, 2022
If the Node.js https API was used incorrectly and "undefined" was passed in for the ...
Moderate | Unreviewed | CVE-2021-22939 was published May 24, 2022
On 2N Access Unit 2.0 2.31.0.40.5 devices, an attacker can pose as the web relay for a man-in-the...
Moderate | Unreviewed | CVE-2021-31399 was published May 24, 2022
The AWV component of Mitel MiCollab before 9.3 could allow an attacker to perform a Man-In-the...
Moderate | Unreviewed | CVE-2021-32069 was published May 24, 2022
An issue was discovered in Arm Mbed TLS before 2.24.0. It incorrectly uses a revocationDate check...
Moderate | Unreviewed | CVE-2020-36425 was published May 24, 2022
The crypto/tls package of Go through 1.16.5 does not properly assert that the type of public key...
Moderate | Unreviewed | CVE-2021-34558 was published May 24, 2022
Devolutions Server before 2021.1.18, and LTS before 2020.3.20, allows attackers to intercept...
Moderate | Unreviewed | CVE-2021-36382 was published May 24, 2022
Emissary-Ingress (formerly Ambassador API Gateway) through 1.13.9 allows attackers to bypass...
Moderate | Unreviewed | CVE-2021-36371 was published May 24, 2022
Dell UEFI BIOS https stack leveraged by the Dell BIOSConnect feature and Dell HTTPS Boot feature...
Moderate | Unreviewed | CVE-2021-21571 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API.