GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 49
GitHub Actions: 50
Go: 3,623
Maven: 5,000+
npm: 5,000+
NuGet: 927
pip: 4,843
Pub: 13
RubyGems: 1,045
Rust: 1,271
Swift: 53
Unreviewed advisories
All unreviewed: 5,000+
1,244 advisories
Cybersecurity Nozomi Networks Labs, a specialized security company focused on Industrial Control...
Moderate | Unreviewed | CVE-2025-52598 was published Dec 26, 2025
Elasticsearch PKI Realm Authentication Bypass Vulnerability Allows User Impersonation Through Crafted Client Certificates
Moderate | CVE-2025-37731 was published for org.elasticsearch:elasticsearch (Maven) Dec 15, 2025
LINE client for iOS prior to 15.4 allows man-in-the-middle attacks due to improper SSL/TLS...
High | Unreviewed | CVE-2025-14022 was published Dec 15, 2025
NeuVector OpenID Connect is vulnerable to man-in-the-middle (MITM)
High | CVE-2025-66001 was published for github.com/neuvector/neuvector (Go) Dec 12, 2025
When the user set the Notification's sender to send emails to the SMTP server via msmtp, an...
High | Unreviewed | CVE-2025-13052 was published Dec 12, 2025
Aqara Hub devices including Hub M2 4.3.6_0027, Hub M3 4.3.6_0025, Camera Hub G3 4.1.9_0027 fail...
High | Unreviewed | CVE-2025-65291 was published Dec 11, 2025
Aqara Hub devices including Camera Hub G3 4.1.9_0027, Hub M2 4.3.6_0027, and Hub M3 4.3.6_0025...
High | Unreviewed | CVE-2025-65290 was published Dec 11, 2025
Due to a lack of certificate validation, all traffic from the mobile application can be...
Critical | Unreviewed | CVE-2025-65830 was published Dec 10, 2025
A vulnerability has been identified in COMOS V10.6 (All versions), COMOS V10.6 (All versions), NX...
Critical | Unreviewed | CVE-2025-40800 was published Dec 9, 2025
A vulnerability has been identified in COMOS V10.6 (All versions), COMOS V10.6 (All versions), JT...
Critical | Unreviewed | CVE-2025-40801 was published Dec 9, 2025
Traefik Inverted TLS Verification Logic in ingress-nginx Provider
Moderate | CVE-2025-66491 was published for github.com/traefik/traefik/v3 (Go) Dec 8, 2025
Clients may successfully perform a TLS handshake with a MongoDB server despite presenting a...
Low | Unreviewed | CVE-2025-12893 was published Nov 25, 2025
A firmware downgrade vulnerability exists in the OTA Update functionality of GL-Inet GL-AXT1800 4...
High | Unreviewed | CVE-2025-44018 was published Nov 24, 2025
GoSign Desktop through 2.4.1 disables TLS certificate validation when configured to use a proxy...
Low | Unreviewed | CVE-2025-65083 was published Nov 17, 2025
Improper certificate validation vulnerability exists in 'デジラアプリ' App for iOS prior to ver.80.10...
Low | Unreviewed | CVE-2025-60022 was published Nov 17, 2025
Improper certificate validation in certain Zoom Clients may allow an unauthenticated user to...
Moderate | Unreviewed | CVE-2025-30669 was published Nov 13, 2025
pgAdmin has vulnerability in LDAP authentication mechanism that allows bypassing TLS certificate verification
High | CVE-2025-12765 was published for pgadmin4 (pip) Nov 13, 2025
A vulnerability was reported in the Lenovo Scanner pro application during an internal security...
Moderate | Unreviewed | CVE-2025-12047 was published Nov 12, 2025
A potential vulnerability was reported in the Lenovo PC Manager, Lenovo App Store, Lenovo Browser...
High | Unreviewed | CVE-2025-10495 was published Nov 12, 2025
A vulnerability has been identified in Solid Edge SE2025 (All versions < V225.0 Update 11)....
High | Unreviewed | CVE-2025-40744 was published Nov 11, 2025
Improper certificate validation in firmware update logic in NETGEAR RAX30 (Nighthawk AX5 5-Stream...
Moderate | Unreviewed | CVE-2025-12943 was published Nov 11, 2025
In JetBrains YouTrack before 2025.3.104432 missing TLS certificate validation enabled data...
High | Unreviewed | CVE-2025-64685 was published Nov 10, 2025
KubeVirt Affected by an Authentication Bypass in Kubernetes Aggregation Layer
Moderate | CVE-2025-64432 was published for kubevirt.io/kubevirt (Go) Nov 6, 2025
Tonec Internet Download Manager 6.42.41.1 and earlier suffers from Missing SSL Certificate...
Critical | Unreviewed | CVE-2025-56231 was published Nov 5, 2025
Validating certificate chains which contain DSA public keys can cause programs to panic, due to a...
High | Unreviewed | CVE-2025-58188 was published Oct 30, 2025