GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,133
Erlang
29
GitHub Actions
19
Go
1,940
Maven
5,000+
npm
3,677
NuGet
645
pip
3,295
Pub
11
RubyGems
877
Rust
830
Swift
35
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
756 advisories
Filter by severity
An exploitable information disclosure vulnerability exists in the crash handler of the hubCore...
Moderate
Unreviewed
CVE-2018-3927
was published
May 13, 2022
An exploitable vulnerability exists in the HTTP client functionality of the Webroot BrightCloud...
High
Unreviewed
CVE-2018-4015
was published
May 13, 2022
An exploitable free of a stack pointer vulnerability exists in the x509 certificate parsing code...
High
Unreviewed
CVE-2017-2784
was published
May 13, 2022
A specially crafted x509 certificate can cause a single out of bounds byte overwrite in wolfSSL...
Critical
Unreviewed
CVE-2017-2800
was published
May 13, 2022
An exploitable denial of service vulnerability exists within the reading of proprietary server...
Moderate
Unreviewed
CVE-2017-2836
was published
May 13, 2022
An exploitable vulnerability exists in the filtering functionality of Circle with Disney. SSL...
Moderate
Unreviewed
CVE-2017-2913
was published
May 13, 2022
Using the ability to perform a Man-in-the-Middle (MITM) attack, which indicates a lack of...
Moderate
Unreviewed
CVE-2021-27768
was published
May 13, 2022
Active Directory Domain Services Elevation of Privilege Vulnerability.
High
Unreviewed
CVE-2022-26923
was published
May 11, 2022
OpenSSL in Apple Mac OS X 10.6.x before 10.6.5 does not properly perform arithmetic, which allows...
High
Unreviewed
CVE-2010-1378
was published
May 2, 2022
Cerulean Studios Trillian 3.1 Basic does not check SSL certificates during MSN authentication,...
Moderate
Unreviewed
CVE-2009-4831
was published
May 2, 2022
libraries/libldap/tls_o.c in OpenLDAP 2.2 and 2.4, and possibly other versions, when OpenSSL is...
Moderate
Unreviewed
CVE-2009-3767
was published
May 2, 2022
Opera before 10.00 does not check all intermediate X.509 certificates for revocation, which makes...
Moderate
Unreviewed
CVE-2009-3046
was published
May 2, 2022
Mozilla Network Security Services (NSS) before 3.12.3, Firefox before 3.0.13, Thunderbird before...
Moderate
Unreviewed
CVE-2009-2408
was published
May 2, 2022
The LDAP client on Microsoft Windows 2000 before Update Rollup 1 for SP4 accepts certificates...
Moderate
Unreviewed
CVE-2005-3170
was published
May 1, 2022
The (1) CertGetCertificateChain, (2) CertVerifyCertificateChainPolicy, and (3) WinVerifyTrust...
High
Unreviewed
CVE-2002-0862
was published
Apr 30, 2022
X509TrustManager in (1) Java Secure Socket Extension (JSSE) in SDK and JRE 1.4.0 through 1.4.0_01...
High
Unreviewed
CVE-2003-1229
was published
Apr 29, 2022
software-properties was vulnerable to a person-in-the-middle attack due to incorrect TLS...
High
Unreviewed
CVE-2012-0955
was published
Apr 23, 2022
Cisco IronPort Web Security Appliance does not check for certificate revocation which could lead...
Moderate
Unreviewed
CVE-2012-1316
was published
Apr 23, 2022
vdsm: certificate generation upon node creation allowing vdsm to start and serve requests from...
High
Unreviewed
CVE-2012-5518
was published
Apr 23, 2022
nuSOAP before 0.7.3-5 does not properly check the hostname of a cert.
High
Unreviewed
CVE-2012-6071
was published
Apr 23, 2022
Versions of Motorola Ready For and Motorola Device Help Android applications prior to 2021-04-08...
Moderate
Unreviewed
CVE-2021-3898
was published
Apr 23, 2022
Mozilla Firefox prior to 3.6 has a DoS vulnerability due to an issue in the validation of...
Moderate
Unreviewed
CVE-2011-2669
was published
Apr 22, 2022
dirmngr before 2.1.0 improperly handles certain system calls, which allows remote attackers to...
Moderate
Unreviewed
CVE-2011-2207
was published
Apr 22, 2022
A flaw in Mozilla's embedded certificate code might allow web sites to install root certificates...
Moderate
Unreviewed
CVE-2007-5967
was published
Apr 21, 2022
Certificate.Verify in crypto/x509 in Go 1.18.x before 1.18.1 can be caused to panic on macOS when...
High
Unreviewed
CVE-2022-27536
was published
Apr 21, 2022
ProTip!
Advisories are also available from the
GraphQL API