GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,133
Erlang
29
GitHub Actions
19
Go
1,940
Maven
5,000+
npm
3,677
NuGet
645
pip
3,295
Pub
11
RubyGems
877
Rust
830
Swift
35
Unreviewed advisories
All unreviewed
5,000+
52 advisories
Filter by severity
Improper certificate management in AWS IoT Device SDK v2
Moderate
CVE-2021-40828
was published
for
aws-iot-device-sdk-v2
(Maven)
Nov 24, 2021
Improper certificate management in AWS IoT Device SDK v2
Moderate
CVE-2021-40830
was published
for
aws-iot-device-sdk-v2
(Maven)
Nov 24, 2021
Improper certificate management in AWS IoT Device SDK v2
Moderate
CVE-2021-40831
was published
for
aws-iot-device-sdk-v2
(Maven)
Nov 24, 2021
Improper certificate management in AWS IoT Device SDK v2
Moderate
CVE-2021-40829
was published
for
aws-iot-device-sdk-v2
(Maven)
Nov 24, 2021
Improper Certificate Validation in apache HttpClient
Moderate
CVE-2012-5783
was published
for
commons-httpclient:commons-httpclient
(Maven)
May 13, 2022
Cloud Foundry vulnerable to Improper Certificate Validation
Moderate
CVE-2016-5016
was published
for
org.cloudfoundry.identity:cloudfoundry-identity-server
(Maven)
May 14, 2022
Apache Tomcat affected by vulnerability in TLS and SSL protocol
Moderate
CVE-2009-3555
was published
for
org.apache.tomcat:tomcat
(Maven)
May 2, 2022
Improper Certificate Validation in MongoDB
Moderate
CVE-2021-20328
was published
for
org.mongodb:mongo-java-driver
(Maven)
May 24, 2022
Jenkins SSH Build Agents Plugin did not verify host keys
Moderate
CVE-2017-2648
was published
for
org.jenkins-ci.plugins:ssh-slaves
(Maven)
May 13, 2022
Jenkins Git client plugin 3.11.0 does not perform SSH host key verification
Moderate
CVE-2022-36881
was published
for
org.jenkins-ci.plugins:git-client
(Maven)
Jul 28, 2022
Improper Certificate Validation in Apache CXF
Moderate
CVE-2017-5653
was published
for
org.apache.cxf:cxf-core
(Maven)
May 13, 2022
Lack of SSL/TLS certificate and hostname validation in Amazon EC2 Plugin
Moderate
CVE-2020-2187
was published
for
org.jenkins-ci.plugins:ec2
(Maven)
May 24, 2022
Jenkins vSphere Plugin disables SSL/TLS certificate validation by default
Moderate
CVE-2018-1000151
was published
for
org.jenkins-ci.plugins:vsphere-cloud
(Maven)
May 14, 2022
Missing hostname validation in Email Extension Plugin
Moderate
CVE-2020-2253
was published
for
org.jenkins-ci.plugins:email-ext
(Maven)
May 24, 2022
Improper Validation of Certificate with Host Mismatch in Jenkins Mailer Plugin
Moderate
CVE-2020-2252
was published
for
org.jenkins-ci.plugins:mailer
(Maven)
May 24, 2022
SSL/TLS certificate validation unconditionally disabled by Jenkins Micro Focus Application Automation Tools Plugin
Moderate
CVE-2021-22511
was published
for
org.jenkins-ci.plugins:hp-application-automation-tools-plugin
(Maven)
May 24, 2022
Jenkins ElectricFlow Plugin globally and unconditionally disabled SSL/TLS certificate validation
Moderate
CVE-2019-10334
was published
for
org.jenkins-ci.plugins:electricflow
(Maven)
May 24, 2022
Duplicate Advisory: Keycloak vulnerable to untrusted certificate validation
Moderate
GHSA-c892-cwq6-qrqf
was published
for
org.keycloak:keycloak-core
(Maven)
May 26, 2023
•
withdrawn
Withdrawn Advisory: Netty-handler does not validate host names by default
Moderate
CVE-2023-4586
was published
for
io.netty:netty-handler
(Maven)
Oct 4, 2023
•
withdrawn
light-oauth2 missing public key verification
Moderate
CVE-2023-31580
was published
for
com.networknt:light-oauth2
(Maven)
Oct 25, 2023
Apache Bookkeeper vulnerable to Improper Certificate Validation
Moderate
CVE-2022-32531
was published
for
org.apache.bookkeeper:bookkeeper-common
(Maven)
Dec 15, 2022
Jenkins SAML Single Sign On(SSO) Plugin unconditionally disables SSL/TLS certificate validation
Moderate
CVE-2023-32994
was published
for
io.jenkins.plugins:miniorange-saml-sp
(Maven)
May 16, 2023
Bouncy Castle For Java LDAP injection vulnerability
Moderate
CVE-2023-33201
was published
for
org.bouncycastle:bcprov-debug-jdk14
(Maven)
Jul 5, 2023
Jenkins NS-ND Integration Performance Publisher Plugin disables SSL/TLS certificate validation globally and unconditionally
Moderate
CVE-2022-45391
was published
for
io.jenkins.plugins:cavisson-ns-nd-integration
(Maven)
Nov 16, 2022
SSL/TLS certificate validation unconditionally disabled by Jenkins NS-ND Integration Performance Publisher Plugin
Moderate
CVE-2022-38666
was published
for
org.jenkins-ci.main:cavisson-ns-nd-integration
(Maven)
Nov 16, 2022
ProTip!
Advisories are also available from the
GraphQL API