Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
49
GitHub Actions
49
Go
3,405
Maven
5,000+
npm
5,000+
NuGet
882
pip
4,641
Pub
13
RubyGems
1,026
Rust
1,209
Swift
53
Unreviewed advisories
All unreviewed
5,000+

1,219 advisories

Loading
Improper certificate validation in the identity provider connection components in Amazon Athena... Critical Unreviewed
CVE-2026-35560 was published Apr 3, 2026
SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker to cause attacker... High Unreviewed
CVE-2026-29140 was published Apr 2, 2026
Juju has Improper TLS Client/Server authentication and certificate verification on Database Cluster Critical
CVE-2026-4370 was published for github.com/juju/juju (Go) Apr 2, 2026
hpidcock Credited to hpidcock, tlm, manadart, and wallyworld tlm tlm
manadart manadart wallyworld wallyworld
Tesla Fleet Telemetry allows spoofing telemetry for arbitrary vehicles via compromised vehicle credentials Moderate
GHSA-prxj-3gcv-cqrh was published for github.com/teslamotors/fleet-telemetry (Go) Apr 1, 2026
yueyueL Credited to yueyueL
Mbed TLS v3.3.0 up to 3.6.5 and 4.0.0 allows Algorithm Downgrade. Moderate Unreviewed
CVE-2026-25834 was published Apr 1, 2026
A vulnerability in the configuration backup feature of Cisco Nexus Dashboard could allow an... Moderate Unreviewed
CVE-2026-20042 was published Apr 1, 2026
Apache Airflow Provider for Databricks: TLS Certificate Verification is Disabled in Databricks Provider K8s Token Exchange Moderate
CVE-2026-32794 was published for apache-airflow (pip) Mar 31, 2026
UniFi Network Controller before version 5.10.22 and 5.11.x before 5.11.18 contains an improper... High Unreviewed
CVE-2019-25652 was published Mar 28, 2026
Wazuh provisioning scripts and Dockerfiles contain an insecure transport vulnerability where curl... Moderate Unreviewed
CVE-2025-15612 was published Mar 27, 2026
cryptography has incomplete DNS name constraint enforcement on peer names Low
CVE-2026-34073 was published for cryptography (pip) Mar 27, 2026
1seal Credited to 1seal and woodruffw woodruffw woodruffw
Incus does not verify combined fingerprint when downloading images from simplestreams servers High
CVE-2026-33542 was published for github.com/lxc/incus/v6/client (Go) Mar 27, 2026
wl2018 Credited to wl2018 and stgraber stgraber stgraber
Forge has a basicConstraints bypass in its certificate chain verification (RFC 5280 violation) High
CVE-2026-33896 was published for node-forge (npm) Mar 26, 2026
peaktwilight Credited to peaktwilight
NATS has mTLS verify_and_map authentication bypass via incorrect Subject DN matching Moderate
CVE-2026-33248 was published for github.com/nats-io/nats-server (Go) Mar 24, 2026
CRL Distribution Point Scope Check Logic Error in AWS-LC High
GHSA-9f94-5g5w-gf6r was published for aws-lc-fips-sys (Rust) Mar 20, 2026
AWS-LC X.509 Name Constraints Bypass via Wildcard/Unicode CN High
GHSA-394x-vwmw-crm3 was published for aws-lc-sys (Rust) Mar 20, 2026
Improper certificate validation in the PAM propagation WinRM connections allows a network... High Unreviewed
CVE-2026-4434 was published Mar 20, 2026
step-ca has Unauthenticated Certificate Issuance via SCEP UpdateReq (MessageType=18) Critical
CVE-2026-30836 was published for github.com/smallstep/certificates (Go) Mar 19, 2026
PrasanthSundararajan69 Credited to PrasanthSundararajan69
Improper certificate validation in Devolutions Hub Reporting Service 2025.3.1.1 and earlier... High Unreviewed
CVE-2026-4396 was published Mar 18, 2026
Terraform Provider for ArgoCD has possible exposure to GO-2026-4337 / CVE-2025-68121 Moderate
GHSA-594f-3595-c47v was published for github.com/argoproj-labs/terraform-provider-argocd (Go) Mar 18, 2026
The GL-iNet Comet (GL-RM1) KVM connects to a GL-iNet site during boot-up to provision client and... Moderate Unreviewed
CVE-2026-32293 was published Mar 17, 2026
An improper certificate validation vulnerability was reported in the Lenovo Filez application... High Unreviewed
CVE-2026-2368 was published Mar 11, 2026
An improper certificate validation vulnerability was reported in the Lenovo Filez application... Moderate Unreviewed
CVE-2026-1068 was published Mar 11, 2026
Dell Alienware Command Center (AWCC), versions prior to 6.12.24.0, contain an Improper... Low Unreviewed
CVE-2026-24508 was published Mar 11, 2026
An improper certificate validation vulnerability has been reported to affect Video Station. If an... Low Unreviewed
CVE-2024-14024 was published Mar 11, 2026
Terraform Provider for SendGrid: TLS Session Resumption Bypasses Certificate Authority Trust Store Modifications in Go Critical
GHSA-j443-wcqq-xprh was published for github.com/arslanbekov/terraform-provider-sendgrid (Go) Mar 11, 2026
aiell0 Credited to aiell0
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database