GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,133
Erlang
29
GitHub Actions
19
Go
1,940
Maven
5,000+
npm
3,677
NuGet
645
pip
3,295
Pub
11
RubyGems
877
Rust
830
Swift
35
Unreviewed advisories
All unreviewed
5,000+
189 advisories
Filter by severity
Rancher agents can be hijacked by taking over the Rancher Server URL
High
CVE-2024-22030
was published
for
github.com/rancher/rancher
(Go)
Sep 26, 2024
Agent Dart is missing certificate verification checks
High
CVE-2024-48915
was published
for
agent_dart
(Pub)
Oct 15, 2024
ovirt-engine-sdk-python improper validation of hostname in x.509 certificate
High
CVE-2014-0161
was published
for
ovirt-engine-sdk-python
(pip)
May 17, 2022
Yelp OSXCollector Improper Certificate Validation
High
CVE-2018-10406
was published
for
osxcollector
(pip)
May 13, 2022
OpenStack keystonemiddleware does not verify certificate
High
CVE-2014-7144
was published
for
keystonemiddleware
(pip)
May 17, 2022
OpenStack keystonemiddleware and python-keystoneclient vulnerable to man-in-the-middle attacks
High
CVE-2015-1852
was published
for
keystonemiddleware
(pip)
May 17, 2022
HTTPie allows attackers to eavesdrop on communications between the host and server via a man-in-the-middle attack
High
CVE-2023-48052
was published
for
httpie
(pip)
Nov 16, 2023
Data leakage via cache key collision in Django
Moderate
CVE-2020-13254
was published
for
Django
(pip)
Jun 5, 2020
mongodb-client-encryption vulnerable to Improper Certificate Validation
Moderate
CVE-2021-20327
was published
for
mongodb-client-encryption
(npm)
Apr 12, 2021
cryptography mishandles SSH certificates
High
CVE-2023-38325
was published
for
cryptography
(pip)
Jul 14, 2023
Couchbase Sync Gateway admin credentials not verified when using X.509 client cert authentication
Critical
CVE-2022-32563
was published
for
couchbase
(pip)
Jun 11, 2022
Improper Certificate Validation in blackduck
High
CVE-2020-27589
was published
for
blackduck
(pip)
Apr 20, 2021
Apache Libcloud does not verify SSL certificates for HTTPS connections
High
CVE-2010-4340
was published
for
apache-libcloud
(pip)
May 17, 2022
Improper certificate management in AWS IoT Device SDK v2
Moderate
CVE-2021-40828
was published
for
aws-iot-device-sdk-v2
(Maven)
Nov 24, 2021
Improper certificate management in AWS IoT Device SDK v2
Moderate
CVE-2021-40830
was published
for
aws-iot-device-sdk-v2
(Maven)
Nov 24, 2021
Improper certificate management in AWS IoT Device SDK v2
Moderate
CVE-2021-40831
was published
for
aws-iot-device-sdk-v2
(Maven)
Nov 24, 2021
Improper certificate management in AWS IoT Device SDK v2
Moderate
CVE-2021-40829
was published
for
aws-iot-device-sdk-v2
(Maven)
Nov 24, 2021
Httpful is Missing Certificate Validation
Moderate
GHSA-gcfg-hmwx-wq5h
was published
for
nategood/httpful
(Composer)
Sep 9, 2024
Filestash configured to skip TLS certificate verification when using the FTPS protocol
High
CVE-2024-41255
was published
for
github.com/mickael-kerjean/filestash
(Go)
Jul 31, 2024
Apache Libcloud vulnerable to certificate impersonation
Moderate
CVE-2012-3446
was published
for
apache-libcloud
(pip)
May 17, 2022
Improper Certificate Validation in Apache Airflow
High
CVE-2018-20245
was published
for
apache-airflow
(pip)
Jan 25, 2019
casdoor's use of`ssh.InsecureIgnoreHostKey()` disables host key verification
Moderate
CVE-2024-41264
was published
for
github.com/casdoor/casdoor
(Go)
Aug 1, 2024
Improper Certificate Validation in apache airflow mongo hook
Critical
CVE-2024-25141
was published
for
apache-airflow-providers-mongo
(pip)
Feb 20, 2024
Filestash skips TLS certificate verification process when sending out email verification codes
High
CVE-2024-41256
was published
for
github.com/mickael-kerjean/filestash
(Go)
Jul 31, 2024
electron-updater Code Signing Bypass on Windows
High
CVE-2024-39698
was published
for
electron-updater
(npm)
Jul 9, 2024
ProTip!
Advisories are also available from the
GraphQL API