GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,090
Erlang
29
GitHub Actions
19
Go
1,915
Maven
5,000+
npm
3,646
NuGet
638
pip
3,262
Pub
10
RubyGems
870
Rust
821
Swift
35
Unreviewed advisories
All unreviewed
5,000+
933 advisories
Filter by severity
A specially crafted x509 certificate can cause a single out of bounds byte overwrite in wolfSSL...
Critical
Unreviewed
CVE-2017-2800
was published
May 13, 2022
An exploitable denial of service vulnerability exists within the reading of proprietary server...
Moderate
Unreviewed
CVE-2017-2836
was published
May 13, 2022
An exploitable vulnerability exists in the filtering functionality of Circle with Disney. SSL...
Moderate
Unreviewed
CVE-2017-2913
was published
May 13, 2022
Using the ability to perform a Man-in-the-Middle (MITM) attack, which indicates a lack of...
Moderate
Unreviewed
CVE-2021-27768
was published
May 13, 2022
Active Directory Domain Services Elevation of Privilege Vulnerability.
High
Unreviewed
CVE-2022-26923
was published
May 11, 2022
OpenStack Keystone and other components vulnerable to Improper Certificate Validation
Moderate
CVE-2013-2255
was published
for
cinder
(pip)
May 5, 2022
Authentication bypass and denial of service (DoS) vulnerabilities in Apple Game Center auth adapter
High
CVE-2022-24901
was published
for
parse-server
(npm)
May 4, 2022
`OCSP_basic_verify` may incorrectly verify the response signing certificate
Moderate
CVE-2022-1343
was published
for
openssl-src
(Rust)
May 4, 2022
OpenSSL in Apple Mac OS X 10.6.x before 10.6.5 does not properly perform arithmetic, which allows...
High
Unreviewed
CVE-2010-1378
was published
May 2, 2022
Cerulean Studios Trillian 3.1 Basic does not check SSL certificates during MSN authentication,...
Moderate
Unreviewed
CVE-2009-4831
was published
May 2, 2022
libraries/libldap/tls_o.c in OpenLDAP 2.2 and 2.4, and possibly other versions, when OpenSSL is...
Moderate
Unreviewed
CVE-2009-3767
was published
May 2, 2022
Apache Tomcat affected by vulnerability in TLS and SSL protocol
Moderate
CVE-2009-3555
was published
for
org.apache.tomcat:tomcat
(Maven)
May 2, 2022
Opera before 10.00 does not check all intermediate X.509 certificates for revocation, which makes...
Moderate
Unreviewed
CVE-2009-3046
was published
May 2, 2022
Mozilla Network Security Services (NSS) before 3.12.3, Firefox before 3.0.13, Thunderbird before...
Moderate
Unreviewed
CVE-2009-2408
was published
May 2, 2022
The LDAP client on Microsoft Windows 2000 before Update Rollup 1 for SP4 accepts certificates...
Moderate
Unreviewed
CVE-2005-3170
was published
May 1, 2022
The (1) CertGetCertificateChain, (2) CertVerifyCertificateChainPolicy, and (3) WinVerifyTrust...
High
Unreviewed
CVE-2002-0862
was published
Apr 30, 2022
X509TrustManager in (1) Java Secure Socket Extension (JSSE) in SDK and JRE 1.4.0 through 1.4.0_01...
High
Unreviewed
CVE-2003-1229
was published
Apr 29, 2022
software-properties was vulnerable to a person-in-the-middle attack due to incorrect TLS...
High
Unreviewed
CVE-2012-0955
was published
Apr 23, 2022
Cisco IronPort Web Security Appliance does not check for certificate revocation which could lead...
Moderate
Unreviewed
CVE-2012-1316
was published
Apr 23, 2022
vdsm: certificate generation upon node creation allowing vdsm to start and serve requests from...
High
Unreviewed
CVE-2012-5518
was published
Apr 23, 2022
nuSOAP before 0.7.3-5 does not properly check the hostname of a cert.
High
Unreviewed
CVE-2012-6071
was published
Apr 23, 2022
Versions of Motorola Ready For and Motorola Device Help Android applications prior to 2021-04-08...
Moderate
Unreviewed
CVE-2021-3898
was published
Apr 23, 2022
Mozilla Firefox prior to 3.6 has a DoS vulnerability due to an issue in the validation of...
Moderate
Unreviewed
CVE-2011-2669
was published
Apr 22, 2022
dirmngr before 2.1.0 improperly handles certain system calls, which allows remote attackers to...
Moderate
Unreviewed
CVE-2011-2207
was published
Apr 22, 2022
Mercurial Improper Certificate Validation vulnerability
Moderate
CVE-2010-4237
was published
for
mercurial
(pip)
Apr 21, 2022
ProTip!
Advisories are also available from the
GraphQL API