Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,189
Erlang
31
GitHub Actions
19
Go
1,985
Maven
5,000+
npm
3,701
NuGet
657
pip
3,326
Pub
11
RubyGems
882
Rust
836
Swift
35
Unreviewed advisories
All unreviewed
5,000+

42 advisories

Loading
Improper Certificate Validation vulnerability in Apache Airflow FTP Provider Low
CVE-2024-29733 was published for apache-airflow-providers-ftp (pip) Apr 21, 2024
ericwb
Improper Certificate Validation in apache airflow mongo hook Critical
CVE-2024-25141 was published for apache-airflow-providers-mongo (pip) Feb 20, 2024
Missing SSL certificate validation in localstack High
CVE-2023-48054 was published for localstack (pip) Nov 16, 2023
HTTPie allows attackers to eavesdrop on communications between the host and server via a man-in-the-middle attack High
CVE-2023-48052 was published for httpie (pip) Nov 16, 2023
Apache Airflow missing Certificate Validation Moderate
CVE-2023-39441 was published for apache-airflow (pip) Aug 23, 2023
sunSUNQ
Sydent does not verify email server certificates Critical
CVE-2023-38686 was published for matrix-sydent (pip) Jul 31, 2023
cryptography mishandles SSH certificates High
CVE-2023-38325 was published for cryptography (pip) Jul 14, 2023
alanc tiran
in-toto: PGP trust model not (fully) considered Moderate
GHSA-jjgp-whrp-gq8m was published for in-toto (pip) May 11, 2023
Allegro Tech BigFlow vulnerable to Missing SSL Certificate Validation Moderate
CVE-2023-25392 was published for bigflow (pip) Apr 10, 2023
Improper Certificate Validation in pyload-ng High
CVE-2023-0509 was published for pyload-ng (pip) Jan 27, 2023
Slixmpp lacks SSL Certificate hostname validation in XMLStream High
CVE-2022-45197 was published for slixmpp (pip) Dec 25, 2022
Apache Pulsar Disabled Certificate Validation for OAuth Client Credential Requests makes C++/Python Clients vulnerable to MITM attack High
CVE-2022-33684 was published for pulsar-client (pip) Nov 4, 2022
hsnbozkurt
python-scciclient vulnerable to Man-in-the-middle (MITM) attacks High
CVE-2022-2996 was published for python-scciclient (pip) Sep 2, 2022
Couchbase Sync Gateway admin credentials not verified when using X.509 client cert authentication Critical
CVE-2022-32563 was published for couchbase (pip) Jun 11, 2022
SaltStack Salt Improper SSL Certificate Validation High
CVE-2020-35662 was published for salt (pip) May 24, 2022
SaltStack Salt Improper Certificate Validation High
CVE-2020-28972 was published for salt (pip) May 24, 2022
Scalyr Agent 2 Missing SSL Certificate Validation Critical
CVE-2020-24715 was published for scalyr-agent-2 (pip) May 24, 2022
Scalyr Agent Missing SSL Certificate Validation Critical
CVE-2020-24714 was published for scalyr-agent-2 (pip) May 24, 2022
ovirt-engine-sdk-python improper validation of hostname in x.509 certificate High
CVE-2014-0161 was published for ovirt-engine-sdk-python (pip) May 17, 2022
Apache Libcloud does not verify SSL certificates for HTTPS connections High
CVE-2010-4340 was published for apache-libcloud (pip) May 17, 2022
Apache Libcloud vulnerable to certificate impersonation Moderate
CVE-2012-3446 was published for apache-libcloud (pip) May 17, 2022
Python Swift client is vulnerable to Missing SSL Certificate Check Critical
CVE-2013-6396 was published for python-swiftclient (pip) May 17, 2022
OpenStack keystonemiddleware does not verify certificate High
CVE-2014-7144 was published for keystonemiddleware (pip) May 17, 2022
OpenStack keystonemiddleware and python-keystoneclient vulnerable to man-in-the-middle attacks High
CVE-2015-1852 was published for keystonemiddleware (pip) May 17, 2022
Urllib3 Incorrect Certificate Validation Low
CVE-2016-9015 was published for urllib3 (pip) May 17, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database