Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
49
GitHub Actions
50
Go
3,599
Maven
5,000+
npm
5,000+
NuGet
924
pip
4,828
Pub
13
RubyGems
1,045
Rust
1,256
Swift
53
Unreviewed advisories
All unreviewed
5,000+

117 advisories

Loading
A vulnerability in the integration of single sign-on (SSO) with Control Hub in Cisco Webex... Critical Unreviewed
CVE-2026-20184 was published Apr 15, 2026
Missing hash/digest size and OID checks allow digests smaller than allowed when verifying ECDSA... Critical Unreviewed
CVE-2026-5194 was published Apr 9, 2026
Improper certificate validation in the identity provider connection components in Amazon Athena... Critical Unreviewed
CVE-2026-35560 was published Apr 3, 2026
Juju has Improper TLS Client/Server authentication and certificate verification on Database Cluster Critical
CVE-2026-4370 was published for github.com/juju/juju (Go) Apr 2, 2026
hpidcock Credited to hpidcock, tlm, manadart, and wallyworld tlm tlm
manadart manadart wallyworld wallyworld
step-ca has Unauthenticated Certificate Issuance via SCEP UpdateReq (MessageType=18) Critical
CVE-2026-30836 was published for github.com/smallstep/certificates (Go) Mar 19, 2026
PrasanthSundararajan69 Credited to PrasanthSundararajan69
Terraform Provider for SendGrid: TLS Session Resumption Bypasses Certificate Authority Trust Store Modifications in Go Critical
GHSA-j443-wcqq-xprh was published for github.com/arslanbekov/terraform-provider-sendgrid (Go) Mar 11, 2026
aiell0 Credited to aiell0
Improper Certificate Validation vulnerability in rustdesk-client RustDesk Client rustdesk-client... Critical Unreviewed
CVE-2026-30794 was published Mar 5, 2026
An issue pertaining to CWE-295: Improper Certificate Validation was discovered in Ayms node-To... Critical Unreviewed
CVE-2025-70043 was published Feb 23, 2026
An issue in the TLS certification mechanism of Guardian Gryphon v01.06.0006.22 allows attackers... Critical Unreviewed
CVE-2025-65753 was published Feb 17, 2026
The affected devices do not validate the server certificate when connecting to the SolaX Cloud... Critical Unreviewed
CVE-2025-15573 was published Feb 12, 2026
Keylime Missing Authentication for Critical Function and Improper Authentication Critical
CVE-2026-1709 was published for keylime (pip) Feb 6, 2026
saivarun3407 Credited to saivarun3407 and Death-Incarnate Death-Incarnate Death-Incarnate
Alist has Insecure TLS Config Critical
CVE-2026-25160 was published for github.com/alist-org/alist/v3 (Go) Feb 4, 2026
XlabAITeam Credited to XlabAITeam, A7um, and okatu-loli A7um A7um
okatu-loli okatu-loli
dcap-qvl has Missing Verification for QE Identity Critical
CVE-2026-22696 was published for @phala/dcap-qvl (npm) Jan 26, 2026
An improper certificate validation vulnerability exists in ToDesktop Builder v0.32.1 This... Critical Unreviewed
CVE-2025-67229 was published Jan 23, 2026
An Improper Certificate Validation vulnerability in the OPC-UA client and ANSL over TLS client... Critical Unreviewed
CVE-2025-11043 was published Jan 19, 2026
An issue in Automai BotManager v.25.2.0 allows a remote attacker to execute arbitrary code via... Critical Unreviewed
CVE-2025-46070 was published Jan 12, 2026
Due to a lack of certificate validation, all traffic from the mobile application can be... Critical Unreviewed
CVE-2025-65830 was published Dec 10, 2025
A vulnerability has been identified in COMOS V10.6 (All versions), COMOS V10.6 (All versions), JT... Critical Unreviewed
CVE-2025-40801 was published Dec 9, 2025
A vulnerability has been identified in COMOS V10.6 (All versions), COMOS V10.6 (All versions), NX... Critical Unreviewed
CVE-2025-40800 was published Dec 9, 2025
Tonec Internet Download Manager 6.42.41.1 and earlier suffers from Missing SSL Certificate... Critical Unreviewed
CVE-2025-56231 was published Nov 5, 2025
Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 25.1.102 and... Critical Unreviewed
CVE-2025-34235 was published Sep 29, 2025
Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 22.0.1049 and... Critical Unreviewed
CVE-2025-34199 was published Sep 19, 2025
MicroWorld eScan AV's update mechanism failed to ensure authenticity and integrity of updates:... Critical Unreviewed
CVE-2024-13990 was published Sep 19, 2025
An authentication bypass vulnerability exists in the out-of-support Control-M/Agent versions 9.0... Critical Unreviewed
CVE-2025-55109 was published Sep 16, 2025
A malicious client can bypass the client certificate trust check of an opc.https server when the... Critical Unreviewed
CVE-2025-7390 was published Aug 21, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database