GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
482 advisories
Details The certificate used to identify the Silver Peak Cloud Portal to EdgeConnect devices is...
Moderate
Unreviewed
CVE-2020-12144 was published May 24, 2022
Summary - The certificate used to identify Orchestrator to EdgeConnect devices is not validated...
Moderate
Unreviewed
CVE-2020-12143 was published May 24, 2022
Improper Certificate Validation in MongoDB
Moderate
CVE-2021-20328 was published for org.mongodb:mongo-java-driver (Maven) May 24, 2022
An improper certificate validation vulnerability [CWE-295] in FortiOS 6.0.0 through 6.0.14, 6.2.0...
Moderate
Unreviewed
CVE-2022-22306 was published May 25, 2022
Pion/DTLS Accepts Client Certificates Without CertificateVerify
Moderate
CVE-2022-29222 was published for github.com/pion/dtls (Go) May 25, 2022
A certificate parsing issue was addressed with improved checks. This issue is fixed in tvOS 15.5,...
Moderate
Unreviewed
CVE-2022-26766 was published May 27, 2022
Dell EMC NetWorker versions 19.1.x, 19.1.0.x, 19.1.1.x, 19.2.x, 19.2.0.x, 19.2.1.x 19.3.x, 19.3.0...
Moderate
Unreviewed
CVE-2022-29082 was published May 27, 2022
An issue was discovered in Pidgin before 2.14.9. A remote attacker who can spoof DNS responses...
Moderate
Unreviewed
CVE-2022-26491 was published Jun 3, 2022
'Mobaoku-Auction&Flea Market' App for iOS versions prior to 5.5.16 improperly verifies server...
Moderate
Unreviewed
CVE-2022-29482 was published Jun 15, 2022
Multiple vulnerabilities in the API and in the web-based management interface of Cisco Expressway...
Moderate
Unreviewed
CVE-2022-20813 was published Jul 7, 2022
An improper validation of certificate with host mismatch in Fortinet FortiTokenAndroid version 5.0...
Moderate
Unreviewed
CVE-2021-22131 was published Jul 19, 2022
Jenkins Git client plugin 3.11.0 does not perform SSH host key verification
Moderate
CVE-2022-36881 was published for org.jenkins-ci.plugins:git-client (Maven) Jul 28, 2022
'Hulu / ????' App for iOS versions prior to 3.0.81 improperly verifies server certificates, which...
Moderate
Unreviewed
CVE-2022-34156 was published Aug 17, 2022
A flaw was found in openCryptoki. The openCryptoki Soft token does not check if an EC key is...
Moderate
Unreviewed
CVE-2021-3798 was published Aug 24, 2022
Keycloak vulnerable to Improper Certificate Validation
Moderate
CVE-2020-35509 was published for org.keycloak:keycloak-core (Maven) Aug 24, 2022
Odyssey passes to client unencrypted bytes from man-in-the-middle When Odyssey storage is...
Moderate
Unreviewed
CVE-2021-43767 was published Aug 26, 2022
An Improper Certificate Validation attack was found in Openshift. A re-encrypt Route with...
Moderate
Unreviewed
CVE-2022-1632 was published Sep 2, 2022
Velneo vClient on its 28.1.3 version, does not correctly check the certificate of authenticity by...
Moderate
Unreviewed
CVE-2021-45035 was published Sep 25, 2022
Apache Pulsar Broker, Proxy, and WebSocket Proxy vulnerable to Improper Certificate Validation
Moderate
CVE-2022-33682 was published for org.apache.pulsar:pulsar-broker (Maven) Sep 25, 2022
Apache Pulsar Java Client vulnerable to Improper Certificate Validation
Moderate
CVE-2022-33681 was published for org.apache.pulsar:pulsar-client (Maven) Sep 25, 2022
Apache Pulsar Brokers and Proxies vulnerable to Improper Certificate Validation
Moderate
CVE-2022-33683 was published for org.apache.pulsar:pulsar-broker (Maven) Sep 25, 2022
Improper Certificate Validation in Liferay Portal
Moderate
CVE-2022-42131 was published for com.liferay.portal:release.portal.bom (Maven) Nov 15, 2022
SSL/TLS certificate validation unconditionally disabled by Jenkins NS-ND Integration Performance Publisher Plugin
Moderate
CVE-2022-38666 was published for org.jenkins-ci.main:cavisson-ns-nd-integration (Maven) Nov 16, 2022
Jenkins NS-ND Integration Performance Publisher Plugin disables SSL/TLS certificate validation globally and unconditionally
Moderate
CVE-2022-45391 was published for io.jenkins.plugins:cavisson-ns-nd-integration (Maven) Nov 16, 2022
Traefik routes exposed with an empty TLSOption
Moderate
CVE-2022-46153 was published for github.com/traefik/traefik/v2 (Go) Dec 8, 2022