Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,300
Erlang
31
GitHub Actions
21
Go
2,069
Maven
5,000+
npm
3,744
NuGet
668
pip
3,429
Pub
12
RubyGems
892
Rust
880
Swift
36
Unreviewed advisories
All unreviewed
5,000+

490 advisories

Loading
The Warner Bros. ellentube app 3.1.1 through 3.1.3 for iOS does not verify X.509 certificates... Moderate Unreviewed
CVE-2017-8939 was published May 13, 2022
Tokyo Star bank App for Android before 1.4 and Tokyo Star bank App for iOS before 1.4 do not... Moderate Unreviewed
CVE-2016-1184 was published May 13, 2022
The Quest Information Systems Indiana Voters app 1.1.24 for iOS does not verify X.509... Moderate Unreviewed
CVE-2017-8935 was published May 13, 2022
The PUMA PUMATRAC app 3.0.2 for iOS does not verify X.509 certificates from SSL servers, which... Moderate Unreviewed
CVE-2017-8943 was published May 13, 2022
The Thycotic Password Manager Secret Server application through 2.3 for iOS does not verify X.509... Moderate Unreviewed
CVE-2015-4094 was published May 13, 2022
The Siemens SIMATIC S7-1200 2.x PLC does not properly protect the private key of the SIMATIC... Moderate Unreviewed
CVE-2012-3037 was published May 13, 2022
Trillian 5.1.0.19 does not verify that the server hostname matches a domain name in the subject's... Moderate Unreviewed
CVE-2012-5824 was published May 13, 2022
An exploitable information disclosure vulnerability exists in the crash handler of the hubCore... Moderate Unreviewed
CVE-2018-3927 was published May 13, 2022
An exploitable denial of service vulnerability exists within the reading of proprietary server... Moderate Unreviewed
CVE-2017-2836 was published May 13, 2022
An exploitable vulnerability exists in the filtering functionality of Circle with Disney. SSL... Moderate Unreviewed
CVE-2017-2913 was published May 13, 2022
Using the ability to perform a Man-in-the-Middle (MITM) attack, which indicates a lack of... Moderate Unreviewed
CVE-2021-27768 was published May 13, 2022
OpenStack Keystone and other components vulnerable to Improper Certificate Validation Moderate
CVE-2013-2255 was published for cinder (pip) May 5, 2022
`OCSP_basic_verify` may incorrectly verify the response signing certificate Moderate
CVE-2022-1343 was published for openssl-src (Rust) May 4, 2022
pinkforest
Cerulean Studios Trillian 3.1 Basic does not check SSL certificates during MSN authentication,... Moderate Unreviewed
CVE-2009-4831 was published May 2, 2022
libraries/libldap/tls_o.c in OpenLDAP 2.2 and 2.4, and possibly other versions, when OpenSSL is... Moderate Unreviewed
CVE-2009-3767 was published May 2, 2022
Apache Tomcat affected by vulnerability in TLS and SSL protocol Moderate
CVE-2009-3555 was published for org.apache.tomcat:tomcat (Maven) May 2, 2022
MarkLee131 sunSUNQ
Opera before 10.00 does not check all intermediate X.509 certificates for revocation, which makes... Moderate Unreviewed
CVE-2009-3046 was published May 2, 2022
Mozilla Network Security Services (NSS) before 3.12.3, Firefox before 3.0.13, Thunderbird before... Moderate Unreviewed
CVE-2009-2408 was published May 2, 2022
The LDAP client on Microsoft Windows 2000 before Update Rollup 1 for SP4 accepts certificates... Moderate Unreviewed
CVE-2005-3170 was published May 1, 2022
Cisco IronPort Web Security Appliance does not check for certificate revocation which could lead... Moderate Unreviewed
CVE-2012-1316 was published Apr 23, 2022
Versions of Motorola Ready For and Motorola Device Help Android applications prior to 2021-04-08... Moderate Unreviewed
CVE-2021-3898 was published Apr 23, 2022
Mozilla Firefox prior to 3.6 has a DoS vulnerability due to an issue in the validation of... Moderate Unreviewed
CVE-2011-2669 was published Apr 22, 2022
dirmngr before 2.1.0 improperly handles certain system calls, which allows remote attackers to... Moderate Unreviewed
CVE-2011-2207 was published Apr 22, 2022
Mercurial Improper Certificate Validation vulnerability Moderate
CVE-2010-4237 was published for mercurial (pip) Apr 21, 2022
A flaw in Mozilla's embedded certificate code might allow web sites to install root certificates... Moderate Unreviewed
CVE-2007-5967 was published Apr 21, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database