GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,300
Erlang
31
GitHub Actions
21
Go
2,069
Maven
5,000+
npm
3,744
NuGet
668
pip
3,429
Pub
12
RubyGems
892
Rust
880
Swift
36
Unreviewed advisories
All unreviewed
5,000+
197 advisories
Filter by severity
Keycloak Authentication Error
Critical
CVE-2019-14910
was published
for
org.keycloak:keycloak-parent
(Maven)
May 24, 2022
Jenkins Bumblebee HP ALM Plugin unconditionally disabled SSL/TLS certificate validation
Moderate
CVE-2019-10444
was published
for
org.jenkins-ci.plugins:bumblebee
(Maven)
May 24, 2022
Jenkins Cadence vManager Plugin disables SSL/TLS and hostname verification
High
CVE-2019-10446
was published
for
org.jenkins-ci.plugins:vmanager-plugin
(Maven)
May 24, 2022
Jenkins VMware Lab Manager Slaves Plugin vulnerable to Improper Certificate Validation
Moderate
CVE-2019-10382
was published
for
org.jenkins-ci.plugins:labmanager
(Maven)
May 24, 2022
Jenkins Codefresh Integration Plugin Improper Certificate Validation vulnerability
Moderate
CVE-2019-10381
was published
for
org.jenkins-ci.plugins:codefresh
(Maven)
May 24, 2022
Elastic APM agent for Ruby vulnerable to Improper Certificate Validation
High
CVE-2019-7615
was published
for
elastic-apm
(RubyGems)
May 24, 2022
Helm Improper Certificate Validation
Critical
CVE-2019-1010275
was published
for
helm.sh/helm
(Go)
May 24, 2022
Jenkins ElectricFlow Plugin globally and unconditionally disabled SSL/TLS certificate validation
Moderate
CVE-2019-10334
was published
for
org.jenkins-ci.plugins:electricflow
(Maven)
May 24, 2022
Hybrid Group Gobot Improper Certificate Validation vulnerability
High
CVE-2019-12496
was published
for
github.com/hybridgroup/gobot
(Go)
May 24, 2022
Jenkins SiteMonitor Plugin globally and unconditionally disables SSL/TLS certificate validation
Moderate
CVE-2019-10317
was published
for
org.jvnet.hudson.plugins:sitemonitor
(Maven)
May 24, 2022
Jenkins Koji Plugin globally and unconditionally disables SSL/TLS certificate validation
Moderate
CVE-2019-10314
was published
for
org.jenkins-ci.plugins:koji
(Maven)
May 24, 2022
Improper Certificate Validation in Apache Qpid Proton
High
CVE-2019-0223
was published
for
org.apache.qpid:proton-j
(Maven)
May 24, 2022
ovirt-engine-sdk-python improper validation of hostname in x.509 certificate
High
CVE-2014-0161
was published
for
ovirt-engine-sdk-python
(pip)
May 17, 2022
Apache Libcloud does not verify SSL certificates for HTTPS connections
High
CVE-2010-4340
was published
for
apache-libcloud
(pip)
May 17, 2022
Apache Libcloud vulnerable to certificate impersonation
Moderate
CVE-2012-3446
was published
for
apache-libcloud
(pip)
May 17, 2022
Python Swift client is vulnerable to Missing SSL Certificate Check
Critical
CVE-2013-6396
was published
for
python-swiftclient
(pip)
May 17, 2022
OpenStack keystonemiddleware does not verify certificate
High
CVE-2014-7144
was published
for
keystonemiddleware
(pip)
May 17, 2022
Improper Certificate Validation in Shibboleth Identity Provider and OpenSAML
Moderate
CVE-2015-1796
was published
for
edu.internet2.middleware:shibboleth-identityprovider
(Maven)
May 17, 2022
OpenStack keystonemiddleware and python-keystoneclient vulnerable to man-in-the-middle attacks
High
CVE-2015-1852
was published
for
keystonemiddleware
(pip)
May 17, 2022
Urllib3 Incorrect Certificate Validation
Moderate
CVE-2016-9015
was published
for
urllib3
(pip)
May 17, 2022
Restkit Does Not Validate TLS certificates
Moderate
CVE-2015-2674
was published
for
restkit
(pip)
May 17, 2022
Improper Input Validation in XFire
High
CVE-2012-5817
was published
for
org.codehaus.xfire:xfire-core
(Maven)
May 17, 2022
nv-websocket-client allows attackers to spoof SSL/TLS servers via an arbitrary valid certificate
Moderate
CVE-2017-1000209
was published
for
com.neovisionaries:nv-websocket-client
(Maven)
May 17, 2022
Improper Certificate Validation in vt-ldap
Moderate
CVE-2014-3607
was published
for
edu.internet2.middleware:shibboleth-identityprovider
(Maven)
May 14, 2022
Jenkins vSphere Plugin disables SSL/TLS certificate validation by default
Moderate
CVE-2018-1000151
was published
for
org.jenkins-ci.plugins:vsphere-cloud
(Maven)
May 14, 2022
ProTip!
Advisories are also available from the
GraphQL API