GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 49
GitHub Actions: 50
Go: 3,623
Maven: 5,000+
npm: 5,000+
NuGet: 927
pip: 4,843
Pub: 13
RubyGems: 1,045
Rust: 1,271
Swift: 53

Unreviewed advisories
All unreviewed: 5,000+
1,244 advisories

Apache ZooKeeper: Reverse-DNS fallback enables hostname verification bypass in ZooKeeper ZKTrustManager
High | CVE-2026-24281 was published for org.apache.zookeeper:zookeeper (Maven) | Mar 7, 2026

When verifying a certificate chain which contains a certificate containing multiple email address...
High | Unreviewed | CVE-2026-27137 was published | Mar 7, 2026

Certificate verification can panic when a certificate in the chain has an empty DNS name and...
Moderate | Unreviewed | CVE-2026-27138 was published | Mar 7, 2026

Improper Certificate Validation vulnerability in rustdesk-client RustDesk Client rustdesk-client...
Critical | Unreviewed | CVE-2026-30794 was published | Mar 5, 2026

The server certificate was not verified when an Arc agent connected to a Guardian or CMC. A...
Moderate | Unreviewed | CVE-2025-40896 was published | Mar 4, 2026

SEPPmail Secure Email Gateway before version 15.0.1 improperly validates S/MIME certificates...
High | Unreviewed | CVE-2026-2748 was published | Mar 4, 2026

OpenClaw affected by iMessage remote attachment SCP hardening (strict host-key checks and remoteHost validation)
Moderate | GHSA-2mc2-g238-722j was published for openclaw (npm) | Mar 3, 2026

AWS-LC has PKCS7_verify Certificate Chain Validation Bypass
High | GHSA-vw5v-4f2q-w9xf was published for aws-lc-sys (Rust) | Mar 3, 2026

Improper Certificate Validation vulnerability in ASUSTOR ADM FTP Backup on Linux, x86, ARM, 64...
High | Unreviewed | CVE-2026-3100 was published | Feb 25, 2026

yapi disables TLS/SSL certificate validation via rejectUnauthorized: false in Axios HTTPS agent
High | CVE-2025-70058 was published for yapi-vendor (npm) | Feb 23, 2026

An issue pertaining to CWE-295: Improper Certificate Validation was discovered in jxcore jxm...
High | Unreviewed | CVE-2025-70045 was published | Feb 23, 2026

An issue pertaining to CWE-295: Improper Certificate Validation was discovered in Ayms node-To...
Critical | Unreviewed | CVE-2025-70043 was published | Feb 23, 2026

An issue pertaining to CWE-295: Improper Certificate Validation was discovered in fofolee uTools...
Moderate | Unreviewed | CVE-2025-70044 was published | Feb 23, 2026

Cosign considered signatures valid with expired intermediate certificates when transparency log verification is skipped
Low | CVE-2026-24122 was published for github.com/sigstore/cosign (Go) | Feb 19, 2026

Apache Tomcat - Client certificate verification bypass
Moderate | CVE-2025-66614 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) | Feb 17, 2026

An issue in the TLS certification mechanism of Guardian Gryphon v01.06.0006.22 allows attackers...
Critical | Unreviewed | CVE-2025-65753 was published | Feb 17, 2026

Improper Certificate Validation vulnerability in Thales SafeNet Agent for Windows Logon on...
Low | Unreviewed | CVE-2026-0872 was published | Feb 13, 2026

A vulnerability in the certificate validation logic may allow applications to accept untrusted or...
High | Unreviewed | CVE-2025-9293 was published | Feb 13, 2026

The affected devices do not validate the server certificate when connecting to the SolaX Cloud...
Critical | Unreviewed | CVE-2025-15573 was published | Feb 12, 2026

An improper certificate validation vulnerability in PAN-OS allows users to connect Terminal...
Low | Unreviewed | CVE-2026-0228 was published | Feb 11, 2026

An issue in Sunbird-Ed SunbirdEd-portal v1.13.4 allows attackers to obtain sensitive information....
High | Unreviewed | CVE-2025-70029 was published | Feb 11, 2026

Improper certificate validation in Azure Local allows an unauthorized attacker to execute code...
High | Unreviewed | CVE-2026-21228 was published | Feb 10, 2026

The server identity check mechanism for firmware upgrade performed via command shell is...
Moderate | Unreviewed | CVE-2026-22613 was published | Feb 9, 2026

Keylime Missing Authentication for Critical Function and Improper Authentication
Critical | CVE-2026-1709 was published for keylime (pip) | Feb 6, 2026

Tanium addressed an improper certificate validation vulnerability in Tanium Appliance.
Low | Unreviewed | CVE-2025-15323 was published | Feb 5, 2026