Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,354
Erlang
31
GitHub Actions
22
Go
2,120
Maven
5,000+
npm
3,779
NuGet
681
pip
3,460
Pub
12
RubyGems
892
Rust
888
Swift
38
Unreviewed advisories
All unreviewed
5,000+

989 advisories

Loading
The Siemens SIMATIC S7-1200 2.x PLC does not properly protect the private key of the SIMATIC... Moderate Unreviewed
CVE-2012-3037 was published May 13, 2022
A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions... High Unreviewed
CVE-2018-7234 was published May 13, 2022
Trillian 5.1.0.19 does not verify that the server hostname matches a domain name in the subject's... Moderate Unreviewed
CVE-2012-5824 was published May 13, 2022
An exploitable information disclosure vulnerability exists in the crash handler of the hubCore... Moderate Unreviewed
CVE-2018-3927 was published May 13, 2022
An exploitable vulnerability exists in the HTTP client functionality of the Webroot BrightCloud... High Unreviewed
CVE-2018-4015 was published May 13, 2022
An exploitable free of a stack pointer vulnerability exists in the x509 certificate parsing code... High Unreviewed
CVE-2017-2784 was published May 13, 2022
A specially crafted x509 certificate can cause a single out of bounds byte overwrite in wolfSSL... Critical Unreviewed
CVE-2017-2800 was published May 13, 2022
An exploitable denial of service vulnerability exists within the reading of proprietary server... Moderate Unreviewed
CVE-2017-2836 was published May 13, 2022
An exploitable vulnerability exists in the filtering functionality of Circle with Disney. SSL... Moderate Unreviewed
CVE-2017-2913 was published May 13, 2022
Using the ability to perform a Man-in-the-Middle (MITM) attack, which indicates a lack of... Moderate Unreviewed
CVE-2021-27768 was published May 13, 2022
Active Directory Domain Services Elevation of Privilege Vulnerability. High Unreviewed
CVE-2022-26923 was published May 11, 2022
OpenStack Keystone and other components vulnerable to Improper Certificate Validation Moderate
CVE-2013-2255 was published for cinder (pip) May 5, 2022
Authentication bypass and denial of service (DoS) vulnerabilities in Apple Game Center auth adapter High
CVE-2022-24901 was published for parse-server (npm) May 4, 2022
yoshmidev kurt-r2c
`OCSP_basic_verify` may incorrectly verify the response signing certificate Moderate
CVE-2022-1343 was published for openssl-src (Rust) May 4, 2022
pinkforest
OpenSSL in Apple Mac OS X 10.6.x before 10.6.5 does not properly perform arithmetic, which allows... High Unreviewed
CVE-2010-1378 was published May 2, 2022
Cerulean Studios Trillian 3.1 Basic does not check SSL certificates during MSN authentication,... Moderate Unreviewed
CVE-2009-4831 was published May 2, 2022
libraries/libldap/tls_o.c in OpenLDAP 2.2 and 2.4, and possibly other versions, when OpenSSL is... Moderate Unreviewed
CVE-2009-3767 was published May 2, 2022
Apache Tomcat affected by vulnerability in TLS and SSL protocol Moderate
CVE-2009-3555 was published for org.apache.tomcat:tomcat (Maven) May 2, 2022
MarkLee131 sunSUNQ
Opera before 10.00 does not check all intermediate X.509 certificates for revocation, which makes... Moderate Unreviewed
CVE-2009-3046 was published May 2, 2022
Mozilla Network Security Services (NSS) before 3.12.3, Firefox before 3.0.13, Thunderbird before... Moderate Unreviewed
CVE-2009-2408 was published May 2, 2022
The LDAP client on Microsoft Windows 2000 before Update Rollup 1 for SP4 accepts certificates... Moderate Unreviewed
CVE-2005-3170 was published May 1, 2022
The (1) CertGetCertificateChain, (2) CertVerifyCertificateChainPolicy, and (3) WinVerifyTrust... High Unreviewed
CVE-2002-0862 was published Apr 30, 2022
X509TrustManager in (1) Java Secure Socket Extension (JSSE) in SDK and JRE 1.4.0 through 1.4.0_01... High Unreviewed
CVE-2003-1229 was published Apr 29, 2022
software-properties was vulnerable to a person-in-the-middle attack due to incorrect TLS... High Unreviewed
CVE-2012-0955 was published Apr 23, 2022
Cisco IronPort Web Security Appliance does not check for certificate revocation which could lead... Moderate Unreviewed
CVE-2012-1316 was published Apr 23, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database