GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,133
Erlang
29
GitHub Actions
19
Go
1,940
Maven
5,000+
npm
3,677
NuGet
645
pip
3,295
Pub
11
RubyGems
877
Rust
830
Swift
35
Unreviewed advisories
All unreviewed
5,000+
945 advisories
Filter by severity
Due to improper validation of certificate in SAP Cloud Connector - version 2.0, attacker can...
High
Unreviewed
CVE-2024-25642
was published
Feb 13, 2024
IBM SAN Volume Controller, IBM Storwize, IBM FlashSystem and IBM Storage Virtualize 8.6 products...
Moderate
Unreviewed
CVE-2023-47700
was published
Feb 7, 2024
IBM Security Verify Access 10.0.0.0 through 10.0.6.1 uses insecure calls that could allow an...
High
Unreviewed
CVE-2023-32330
was published
Feb 7, 2024
IBM Security Verify Access 10.0.0.0 through 10.0.6.1 could allow a privileged user to install a...
High
Unreviewed
CVE-2023-43017
was published
Feb 7, 2024
A default installation of RustDesk 1.2.3 on Windows places a WDKTestCert certificate under...
Critical
Unreviewed
CVE-2024-25140
was published
Feb 6, 2024
Boundary vulnerable to session hijacking through TLS certificate tampering
High
CVE-2024-1052
was published
for
github.com/hashicorp/boundary
(Go)
Feb 5, 2024
curl inadvertently kept the SSL session ID for connections in its cache even when the verify...
Moderate
Unreviewed
CVE-2024-0853
was published
Feb 3, 2024
Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite,...
High
Unreviewed
CVE-2020-29504
was published
Feb 2, 2024
In Zscaler Internet Access (ZIA) a mismatch between Connect Host and Client Hello's Server Name...
Moderate
Unreviewed
CVE-2023-28807
was published
Jan 31, 2024
SSL connections to NOVELL and Synology LDAP server are vulnerable to a man-in-the-middle attack...
Critical
Unreviewed
CVE-2023-50356
was published
Jan 31, 2024
Ylianst MeshCentral Missing SSL Certificate Validation
Critical
CVE-2023-51837
was published
for
meshcentral
(npm)
Jan 30, 2024
A lack of SSL certificate validation in Splicecom iPCS (iOS App) v1.3.4, iPCS2 (iOS App) v2.8 and...
Moderate
Unreviewed
CVE-2023-33757
was published
Jan 25, 2024
SpliceCom Maximiser Soft PBX v1.5 and before was discovered to utilize a default SSL certificate....
Moderate
Unreviewed
CVE-2023-33760
was published
Jan 25, 2024
A privilege escalation vulnerability was reported in Lenovo Vantage that could allow a local...
High
Unreviewed
CVE-2023-6043
was published
Jan 19, 2024
Snowflake Connector .NET does not properly check the Certificate Revocation List (CRL)
Moderate
CVE-2023-51662
was published
for
Snowflake.Data
(NuGet)
Dec 22, 2023
Improper validation of the server’s certificate chain in secure traffic scanning feature...
High
Unreviewed
CVE-2023-5594
was published
Dec 21, 2023
A vulnerability exists in the component RTU500 Scripting interface. When a client connects to a...
High
Unreviewed
CVE-2023-1514
was published
Dec 19, 2023
An improper certificate validation issue in Smartcard authentication in GitLab EE affecting all...
High
Unreviewed
CVE-2023-6680
was published
Dec 15, 2023
An issue was discovered in BeyondTrust Privilege Management for Windows through 5.6. If the...
High
Unreviewed
CVE-2020-12614
was published
Dec 12, 2023
A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 2). Affected...
High
Unreviewed
CVE-2023-48427
was published
Dec 12, 2023
An issue was discovered in Zammad before 6.2.0. In several subsystems, SSL/TLS was used to...
Moderate
Unreviewed
CVE-2023-50454
was published
Dec 10, 2023
Permission verification vulnerability in distributed scenarios. Successful exploitation of this...
High
Unreviewed
CVE-2023-49247
was published
Dec 6, 2023
KEPServerEX does not properly validate certificates from clients which may allow...
High
Unreviewed
CVE-2023-5909
was published
Dec 1, 2023
Precision Bridge PrecisionBridge.exe (aka the thick client) before 7.3.21 allows an integrity...
High
Unreviewed
CVE-2023-49312
was published
Nov 27, 2023
Dell Unity prior to 5.3 contains a 'man in the middle' vulnerability in the vmadapter component....
High
Unreviewed
CVE-2023-43082
was published
Nov 22, 2023
ProTip!
Advisories are also available from the
GraphQL API