Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,133
Erlang
29
GitHub Actions
19
Go
1,940
Maven
5,000+
npm
3,677
NuGet
645
pip
3,295
Pub
11
RubyGems
877
Rust
830
Swift
35
Unreviewed advisories
All unreviewed
5,000+

945 advisories

Loading
Due to improper validation of certificate in SAP Cloud Connector - version 2.0, attacker can... High Unreviewed
CVE-2024-25642 was published Feb 13, 2024
IBM SAN Volume Controller, IBM Storwize, IBM FlashSystem and IBM Storage Virtualize 8.6 products... Moderate Unreviewed
CVE-2023-47700 was published Feb 7, 2024
IBM Security Verify Access 10.0.0.0 through 10.0.6.1 uses insecure calls that could allow an... High Unreviewed
CVE-2023-32330 was published Feb 7, 2024
IBM Security Verify Access 10.0.0.0 through 10.0.6.1 could allow a privileged user to install a... High Unreviewed
CVE-2023-43017 was published Feb 7, 2024
A default installation of RustDesk 1.2.3 on Windows places a WDKTestCert certificate under... Critical Unreviewed
CVE-2024-25140 was published Feb 6, 2024
Boundary vulnerable to session hijacking through TLS certificate tampering High
CVE-2024-1052 was published for github.com/hashicorp/boundary (Go) Feb 5, 2024
curl inadvertently kept the SSL session ID for connections in its cache even when the verify... Moderate Unreviewed
CVE-2024-0853 was published Feb 3, 2024
Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite,... High Unreviewed
CVE-2020-29504 was published Feb 2, 2024
In Zscaler Internet Access (ZIA) a mismatch between Connect Host and Client Hello's Server Name... Moderate Unreviewed
CVE-2023-28807 was published Jan 31, 2024
SSL connections to NOVELL and Synology LDAP server are vulnerable to a man-in-the-middle attack... Critical Unreviewed
CVE-2023-50356 was published Jan 31, 2024
Ylianst MeshCentral Missing SSL Certificate Validation Critical
CVE-2023-51837 was published for meshcentral (npm) Jan 30, 2024
A lack of SSL certificate validation in Splicecom iPCS (iOS App) v1.3.4, iPCS2 (iOS App) v2.8 and... Moderate Unreviewed
CVE-2023-33757 was published Jan 25, 2024
SpliceCom Maximiser Soft PBX v1.5 and before was discovered to utilize a default SSL certificate.... Moderate Unreviewed
CVE-2023-33760 was published Jan 25, 2024
A privilege escalation vulnerability was reported in Lenovo Vantage that could allow a local... High Unreviewed
CVE-2023-6043 was published Jan 19, 2024
Snowflake Connector .NET does not properly check the Certificate Revocation List (CRL) Moderate
CVE-2023-51662 was published for Snowflake.Data (NuGet) Dec 22, 2023
TimoVink
Improper validation of the server’s certificate chain in secure traffic scanning feature... High Unreviewed
CVE-2023-5594 was published Dec 21, 2023
A vulnerability exists in the component RTU500 Scripting interface. When a client connects to a... High Unreviewed
CVE-2023-1514 was published Dec 19, 2023
An improper certificate validation issue in Smartcard authentication in GitLab EE affecting all... High Unreviewed
CVE-2023-6680 was published Dec 15, 2023
An issue was discovered in BeyondTrust Privilege Management for Windows through 5.6. If the... High Unreviewed
CVE-2020-12614 was published Dec 12, 2023
A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 2). Affected... High Unreviewed
CVE-2023-48427 was published Dec 12, 2023
An issue was discovered in Zammad before 6.2.0. In several subsystems, SSL/TLS was used to... Moderate Unreviewed
CVE-2023-50454 was published Dec 10, 2023
Permission verification vulnerability in distributed scenarios. Successful exploitation of this... High Unreviewed
CVE-2023-49247 was published Dec 6, 2023
KEPServerEX does not properly validate certificates from clients which may allow... High Unreviewed
CVE-2023-5909 was published Dec 1, 2023
Precision Bridge PrecisionBridge.exe (aka the thick client) before 7.3.21 allows an integrity... High Unreviewed
CVE-2023-49312 was published Nov 27, 2023
Dell Unity prior to 5.3 contains a 'man in the middle' vulnerability in the vmadapter component.... High Unreviewed
CVE-2023-43082 was published Nov 22, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database