Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,303
Erlang
31
GitHub Actions
21
Go
2,071
Maven
5,000+
npm
3,744
NuGet
669
pip
3,429
Pub
12
RubyGems
892
Rust
880
Swift
36
Unreviewed advisories
All unreviewed
5,000+

52 advisories

Loading
Lack of SSL/TLS certificate and hostname validation in Amazon EC2 Plugin Moderate
CVE-2020-2187 was published for org.jenkins-ci.plugins:ec2 (Maven) May 24, 2022
NotMyFault
Jenkins Bumblebee HP ALM Plugin unconditionally disabled SSL/TLS certificate validation Moderate
CVE-2019-10444 was published for org.jenkins-ci.plugins:bumblebee (Maven) May 24, 2022
Jenkins VMware Lab Manager Slaves Plugin vulnerable to Improper Certificate Validation Moderate
CVE-2019-10382 was published for org.jenkins-ci.plugins:labmanager (Maven) May 24, 2022
Jenkins Codefresh Integration Plugin Improper Certificate Validation vulnerability Moderate
CVE-2019-10381 was published for org.jenkins-ci.plugins:codefresh (Maven) May 24, 2022
Jenkins ElectricFlow Plugin globally and unconditionally disabled SSL/TLS certificate validation Moderate
CVE-2019-10334 was published for org.jenkins-ci.plugins:electricflow (Maven) May 24, 2022
Jenkins SiteMonitor Plugin globally and unconditionally disables SSL/TLS certificate validation Moderate
CVE-2019-10317 was published for org.jvnet.hudson.plugins:sitemonitor (Maven) May 24, 2022
Jenkins Koji Plugin globally and unconditionally disables SSL/TLS certificate validation Moderate
CVE-2019-10314 was published for org.jenkins-ci.plugins:koji (Maven) May 24, 2022
Improper Certificate Validation in Shibboleth Identity Provider and OpenSAML Moderate
CVE-2015-1796 was published for edu.internet2.middleware:shibboleth-identityprovider (Maven) May 17, 2022
nv-websocket-client allows attackers to spoof SSL/TLS servers via an arbitrary valid certificate Moderate
CVE-2017-1000209 was published for com.neovisionaries:nv-websocket-client (Maven) May 17, 2022
Improper Certificate Validation in vt-ldap Moderate
CVE-2014-3607 was published for edu.internet2.middleware:shibboleth-identityprovider (Maven) May 14, 2022
Jenkins vSphere Plugin disables SSL/TLS certificate validation by default Moderate
CVE-2018-1000151 was published for org.jenkins-ci.plugins:vsphere-cloud (Maven) May 14, 2022
Jenkins CollabNet Plugin man in the middle vulnerability Moderate
CVE-2018-1000605 was published for org.jenkins-ci.plugins:collabnet (Maven) May 14, 2022
Cloud Foundry vulnerable to Improper Certificate Validation Moderate
CVE-2016-5016 was published for org.cloudfoundry.identity:cloudfoundry-identity-server (Maven) May 14, 2022
sunSUNQ
Improper Certificate Validation in Jenkins Moderate
CVE-2017-1000396 was published for org.jenkins-ci.main:jenkins-core (Maven) May 14, 2022
Jenkins SSH Build Agents Plugin did not verify host keys Moderate
CVE-2017-2648 was published for org.jenkins-ci.plugins:ssh-slaves (Maven) May 13, 2022
Keycloak Authentication Error Moderate
CVE-2018-10894 was published for org.keycloak:keycloak-saml-adapter-core (Maven) May 13, 2022
Improper Certificate Validation in OkHttp Moderate
CVE-2016-2402 was published for com.squareup.okhttp3:okhttp (Maven) May 13, 2022
Improper Certificate Validation in Apache Commons HttpClient Moderate
CVE-2012-5783 was published for commons-httpclient:commons-httpclient (Maven) May 13, 2022
ebickle
Improper Certificate Validation in Apache CXF Moderate
CVE-2017-5653 was published for org.apache.cxf:cxf-core (Maven) May 13, 2022
sunSUNQ
Apache Tomcat affected by vulnerability in TLS and SSL protocol Moderate
CVE-2009-3555 was published for org.apache.tomcat:tomcat (Maven) May 2, 2022
MarkLee131 sunSUNQ
SSL/TLS certificate validation globally disabled by Jenkins Proxmox Plugin Moderate
CVE-2022-28142 was published for org.jenkins-ci.plugins:proxmox (Maven) Mar 30, 2022
NotMyFault
Improper Certificate Validation in OWASP ZAP Moderate
CVE-2022-27820 was published for org.zaproxy:zap (Maven) Mar 25, 2022
Improper Certificate Validation and Improper Validation of Certificate with Host Mismatch in Keycloak Moderate
CVE-2020-1758 was published for org.keycloak:keycloak-parent (Maven) Feb 9, 2022
Improper certificate management in AWS IoT Device SDK v2 Moderate
CVE-2021-40828 was published for aws-iot-device-sdk-v2 (Maven) Nov 24, 2021
Missing Authentication for Critical Function in Apache Calcite Moderate
CVE-2020-13955 was published for org.apache.calcite:calcite-core (Maven) Apr 22, 2021
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database