Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,773
Erlang
29
GitHub Actions
16
Go
1,710
Maven
4,946
npm
3,474
NuGet
605
pip
3,001
Pub
10
RubyGems
828
Rust
773
Swift
34
Unreviewed advisories
All unreviewed
5,000+

884 advisories

In JetBrains YouTrack before 2024.1.29548 the SMTPS protocol communication lacked proper... Moderate Unreviewed
CVE-2024-35299 was published May 16, 2024
An improper certificate validation vulnerability exists in BIG-IP Next Central Manager and may... Moderate Unreviewed
CVE-2024-33612 was published May 8, 2024
NETGEAR Multiple Routers curl_post Improper Certificate Validation Remote Code Execution... High Unreviewed
CVE-2023-35721 was published May 3, 2024
A vulnerability was found in EZVIZ CS-C6-21WFR-8 5.2.7 Build 170628. It has been classified as... Low Unreviewed
CVE-2024-4063 was published Apr 23, 2024
A vulnerability was found in Hualai Xiaofang iSC5 3.2.2_112 and classified as problematic.... Low Unreviewed
CVE-2024-4062 was published Apr 23, 2024
Improper Certificate Validation vulnerability in Apache Airflow FTP Provider Moderate
CVE-2024-29733 was published for apache-airflow-providers-ftp (pip) Apr 21, 2024
ericwb
IBM Aspera Faspex 5.0.0 through 5.0.7 could allow a local user to obtain or modify sensitive... Low Unreviewed
CVE-2023-37397 was published Apr 19, 2024
A vulnerability classified as critical has been found in cym1102 nginxWebUI up to 3.9.9. This... High Unreviewed
CVE-2024-3738 was published Apr 13, 2024
IBM QRadar SIEM 7.5 could allow an unauthorized user to perform unauthorized actions due to... Moderate Unreviewed
CVE-2023-50949 was published Apr 11, 2024
IBM Security Verify Access Appliance 10.0.0 through 10.0.7 could allow a malicious actor to... High Unreviewed
CVE-2024-31871 was published Apr 10, 2024
PDF-XChange Editor Updater Improper Certificate Validation Remote Code Execution Vulnerability.... High Unreviewed
CVE-2024-27323 was published Apr 2, 2024
Serverpod client accepts any certificate High
CVE-2024-29887 was published for serverpod_client (Pub) Mar 28, 2024
Skycoder42
Under certain configurations of --tlsCAFile and tls.CAFile, MongoDB Server may skip peer... High Unreviewed
CVE-2024-1351 was published Mar 7, 2024
Incorrect TLS certificate auth method in Vault High
CVE-2024-2048 was published for github.com/hashicorp/vault (Go) Mar 4, 2024
oscerd
Improper Certificate Validation in apache airflow mongo hook High
CVE-2024-25141 was published for apache-airflow-providers-mongo (pip) Feb 20, 2024
Improper Certificate Validation in Apache DolphinScheduler High
CVE-2023-49250 was published for org.apache.dolphinscheduler:dolphinscheduler (Maven) Feb 20, 2024
An improper certificate validation vulnerability in Fortinet FortiOS 7.0.0 - 7.0.13, 7.2.0 - 7.2... Moderate Unreviewed
CVE-2023-47537 was published Feb 15, 2024
Due to improper validation of certificate in SAP Cloud Connector - version 2.0, attacker can... High Unreviewed
CVE-2024-25642 was published Feb 13, 2024
IBM Security Verify Access 10.0.0.0 through 10.0.6.1 uses insecure calls that could allow an... High Unreviewed
CVE-2023-32330 was published Feb 7, 2024
IBM Security Verify Access 10.0.0.0 through 10.0.6.1 could allow a privileged user to install a... High Unreviewed
CVE-2023-43017 was published Feb 7, 2024
IBM SAN Volume Controller, IBM Storwize, IBM FlashSystem and IBM Storage Virtualize 8.6 products... Moderate Unreviewed
CVE-2023-47700 was published Feb 7, 2024
A default installation of RustDesk 1.2.3 on Windows places a WDKTestCert certificate under... Critical Unreviewed
CVE-2024-25140 was published Feb 6, 2024
Boundary vulnerable to session hijacking through TLS certificate tampering High
CVE-2024-1052 was published for github.com/hashicorp/boundary (Go) Feb 5, 2024
curl inadvertently kept the SSL session ID for connections in its cache even when the verify... Moderate Unreviewed
CVE-2024-0853 was published Feb 3, 2024
Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite,... High Unreviewed
CVE-2020-29504 was published Feb 2, 2024
ProTip! Advisories are also available from the GraphQL API