Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
40
GitHub Actions
40
Go
2,974
Maven
5,000+
npm
4,621
NuGet
788
pip
4,317
Pub
12
RubyGems
984
Rust
1,131
Swift
49
Unreviewed advisories
All unreviewed
5,000+

1,177 advisories

Loading
Improper Certificate Validation vulnerability in Thales SafeNet Agent for Windows Logon on... Low Unreviewed
CVE-2026-0872 was published Feb 13, 2026
A vulnerability in the certificate validation logic may allow applications to accept untrusted or... High Unreviewed
CVE-2025-9293 was published Feb 13, 2026
The affected devices do not validate the server certificate when connecting to the SolaX Cloud... Critical Unreviewed
CVE-2025-15573 was published Feb 12, 2026
An improper certificate validation vulnerability in PAN-OS allows users to connect Terminal... Low Unreviewed
CVE-2026-0228 was published Feb 11, 2026
An issue in Sunbird-Ed SunbirdEd-portal v1.13.4 allows attackers to obtain sensitive information.... High Unreviewed
CVE-2025-70029 was published Feb 11, 2026
Improper certificate validation in Azure Local allows an unauthorized attacker to execute code... High Unreviewed
CVE-2026-21228 was published Feb 10, 2026
The server identity check mechanism for firmware upgrade performed via command shell is... Moderate Unreviewed
CVE-2026-22613 was published Feb 9, 2026
Keylime Missing Authentication for Critical Function and Improper Authentication Critical
CVE-2026-1709 was published for keylime (pip) Feb 6, 2026
saivarun3407 Death-Incarnate
Credited to saivarun3407 and Death-Incarnate
Tanium addressed an improper certificate validation vulnerability in Tanium Appliance. Low Unreviewed
CVE-2025-15323 was published Feb 5, 2026
During session resumption in crypto/tls, if the underlying Config has its ClientCAs or RootCAs... Moderate Unreviewed
CVE-2025-68121 was published Feb 5, 2026
An Improper Certificate Validation vulnerability in TP-Link Tapo H100 v1 and Tapo P100 v1 allows... High Unreviewed
CVE-2025-15557 was published Feb 5, 2026
Alist has Insecure TLS Config Critical
CVE-2026-25160 was published for github.com/alist-org/alist/v3 (Go) Feb 4, 2026
XlabAITeam A7um
okatu-loli
Credited to XlabAITeam, A7um, and okatu-loli
A third-party NAT traversal module fails to validate SSL/TLS certificates when connecting to the... Moderate Unreviewed
CVE-2026-24935 was published Feb 3, 2026
The DDNS update function in ADM fails to properly validate the hostname of the DDNS server's TLS... High Unreviewed
CVE-2026-24932 was published Feb 3, 2026
The DDNS function uses an insecure HTTP connection or fails to validate the SSL/TLS certificate... Moderate Unreviewed
CVE-2026-24934 was published Feb 3, 2026
The API communication component fails to validate the SSL/TLS certificate when sending HTTPS... High Unreviewed
CVE-2026-24933 was published Feb 3, 2026
SageMaker Python SDK has Exposed HMAC High
CVE-2026-1777 was published for sagemaker (pip) Feb 2, 2026
SageMaker Python SDK has Insecure TLS Configuration High
CVE-2026-1778 was published for sagemaker (pip) Feb 2, 2026
foreman_kubevirt disables SSL verification if a Certificate Authority (CA) certificate is not explicitly set High
CVE-2026-1531 was published for foreman_kubevirt (RubyGems) Feb 2, 2026
fog-kubevirt allows remote attacker to perform MITM attack due to disabled certificate validation High
CVE-2026-1530 was published for fog-kubevirt (RubyGems) Feb 2, 2026
Rancher CLI skips TLS verification on Rancher CLI login command High
CVE-2025-67601 was published for github.com/rancher/rancher (Go) Feb 1, 2026
Multiple MFPs provided by Brother Industries, Ltd. does not properly validate server certificates... Moderate Unreviewed
CVE-2025-53869 was published Jan 29, 2026
FunJSQ, a third-party module integrated on some NETGEAR routers and Orbi WiFi Systems, does not... High Unreviewed
CVE-2022-40620 was published Jan 28, 2026
dcap-qvl has Missing Verification for QE Identity Critical
CVE-2026-22696 was published for @phala/dcap-qvl (npm) Jan 26, 2026
An improper certificate validation vulnerability exists in ToDesktop Builder v0.32.1 This... Critical Unreviewed
CVE-2025-67229 was published Jan 23, 2026
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database