GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
1,027 advisories
Steve doesn’t verify a server’s certificate and is susceptible to man-in-the-middle (MitM) attacks
Severity: High. CVE-2023-32198 was published for github.com/rancher/stev (Go), Apr 25, 2025.

Fleet doesn’t validate a server’s certificate when connecting through SSH
Severity: Moderate. CVE-2025-23390 was published for github.com/rancher/fleet (Go), Apr 25, 2025.

Apache HttpClient disables domain checks
Severity: High. CVE-2025-27820 was published for org.apache.httpcomponents.client5:httpclient5 (Maven), Apr 24, 2025.

BYD QIN PLUS DM-i Dilink OS v3.0_13.1.7.2204050.1 to v3.0_13.1.7.2312290.1_0 was discovered to...
Severity: High (Unreviewed). CVE-2025-28169 was published Apr 23, 2025.

Puppet Enterprise 3.7.x and 3.8.0 might allow remote authenticated users to manage certificates...
Severity: Moderate (Unreviewed). CVE-2015-4100 was published May 24, 2022.

Flash Seats Mobile App for Android version 1.7.9 and earlier and for iOS version 1.9.51 and...
Severity: High (Unreviewed). CVE-2017-3190 was published May 13, 2022.

GitLab 9.4.x before 9.4.2 does not support LDAP SSL certificate verification, but a...
Severity: Moderate (Unreviewed). CVE-2017-17716 was published May 14, 2022.

Pandora iOS app prior to version 8.3.2 fails to properly validate SSL certificates provided by...
Severity: High (Unreviewed). CVE-2017-3194 was published May 13, 2022.

The apt package in Debian jessie before 1.0.9.8.4, in Debian unstable before 1.4~beta2, in Ubuntu...
Severity: Moderate (Unreviewed). CVE-2016-1252 was published May 13, 2022.

Cyberduck before 4.4.4 on Windows does not properly validate X.509 certificate chains, which...
Severity: Moderate (Unreviewed). CVE-2014-2845 was published May 13, 2022.

libvirt version 2.3.0 and later is vulnerable to a bad default configuration of "verify-peer=no"...
Severity: High (Unreviewed). CVE-2017-1000256 was published May 13, 2022.

Akeo Consulting Rufus prior to version 2.17.1187 does not adequately validate the integrity of...
Severity: High (Unreviewed). CVE-2017-13083 was published May 13, 2022.

On Darwin, user's trust preferences for root certificates were not honored. If the user had a...
Severity: High (Unreviewed). CVE-2017-1000097 was published May 14, 2022.

The Zoho Site24x7 Mobile Network Poller application before 1.1.5 for Android does not verify X...
Severity: Moderate (Unreviewed). CVE-2017-14582 was published May 17, 2022.

A vulnerability in the Cisco Network Plug and Play application of Cisco IOS 12.4 through 15.6 and...
Severity: Moderate (Unreviewed). CVE-2017-12228 was published May 13, 2022.

A vulnerability exists in Schneider Electric's PowerSCADA Anywhere v1.0 redistributed with...
Severity: Moderate (Unreviewed). CVE-2017-7971 was published May 17, 2022.

iSmartAlarm cube devices have an SSL Certificate Validation Vulnerability.
Severity: High (Unreviewed). CVE-2017-7726 was published May 13, 2022.

NixOS 17.03 and earlier has an unintended default absence of SSL Certificate Validation for LDAP....
Severity: Moderate (Unreviewed). CVE-2017-11501 was published May 14, 2022.

The "RVCB Mobile" by RVCB Mobile Banking app 3.0.0 -- aka rvcb-mobile/id757928895 for iOS does...
Severity: Moderate (Unreviewed). CVE-2017-9578 was published May 14, 2022.

The cayuga-lake-national-bank/id1151601539 app 4.0.1 for iOS does not verify X.509 certificates...
Severity: Moderate (Unreviewed). CVE-2017-9560 was published May 17, 2022.

The financial-plus-mobile-banking/id731070564 app 3.0.3 for iOS does not verify X.509...
Severity: Moderate (Unreviewed). CVE-2017-9568 was published May 17, 2022.

The "KC Area Credit Union Mobile Banking" by K C Area Credit Union app 3.0.1 -- aka kc-area...
Severity: Moderate (Unreviewed). CVE-2017-9574 was published May 17, 2022.

The Citizens Bank (TX) cbtx-on-the-go/id892396102 app 3.0.0 for iOS does not verify X.509...
Severity: Moderate (Unreviewed). CVE-2017-9569 was published May 14, 2022.

The Lee Bank & Trust lbtc-mobile/id1068984753 app 3.0.1 for iOS does not verify X.509...
Severity: Moderate (Unreviewed). CVE-2017-9561 was published May 17, 2022.

The "Algonquin State Bank Mobile Banking" by Algonquin State Bank app 3.0.0 -- aka algonquin...
Severity: Moderate (Unreviewed). CVE-2017-9581 was published May 17, 2022.