GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
1,287 advisories
A network man-in-the-middle between nats-sync and the BOSH director can steal the director...
High
Unreviewed
CVE-2026-41859 was published Jun 4, 2026
Apache Airflow's EmailOperator and the underlying `airflow.utils.email` helpers established SMTP...
Moderate
Unreviewed
CVE-2026-49267 was published Jun 1, 2026
stigmem-node's federation peer registration lacked explicit out-of-band approval
Critical
GHSA-9vp8-3hmv-8fgh was published for stigmem-node (pip) May 29, 2026
A flaw was found in gnutls. A remote attacker could exploit this vulnerability by presenting a...
High
Unreviewed
CVE-2026-42012 was published May 27, 2026
FastNetMon Community Edition through 1.2.9 does not verify TLS certificates on outbound HTTPS...
High
Unreviewed
CVE-2026-48697 was published May 26, 2026
An improper certificate validation vulnerability in Ivanti Secure Access Client before 22.8R6...
High
Unreviewed
CVE-2026-8992 was published May 26, 2026
Dell PowerFlex Manager, version(s) <=4.6.2, contain(s) an Improper Certificate Validation...
Moderate
Unreviewed
CVE-2025-32745 was published May 26, 2026
Open ISES Tickets before 3.44.2 disables TLS certificate verification in rm/incs/mobile_login.inc...
High
Unreviewed
CVE-2026-48249 was published May 21, 2026
Open ISES Tickets before 3.44.2 disables TLS certificate verification in incs/login.inc.php by...
High
Unreviewed
CVE-2026-48248 was published May 21, 2026
Open ISES Tickets before 3.44.2 disables TLS certificate verification in ajax/reports.php by...
High
Unreviewed
CVE-2026-48246 was published May 21, 2026
Open ISES Tickets before 3.44.2 disables TLS certificate verification in incs/functions.inc.php...
High
Unreviewed
CVE-2026-48247 was published May 21, 2026
Dell Live Optics Windows and Personal Edition collectors contain an improper certificate...
Moderate
Unreviewed
CVE-2026-41119 was published May 18, 2026
epa4all-client: TLS Certificate Validation Disabled in Production
High
CVE-2026-45574 was published for com.oviva.telematik:epa4all-client (Maven) May 15, 2026
arnika is affected by medium-severity issues in UDP rotation, PQC handling, and KMS TLS
Moderate
GHSA-rc6v-5rmx-w5mv was published for github.com/arnika-project/arnika (Go) May 15, 2026
goshs: SSH host key verification disabled, allowing transparent MITM of every tunnelled HTTP request
High
GHSA-mxg3-432p-mr72 was published for goshs.de/goshs/v2 (Go) May 15, 2026
Fleet has a Windows MDM management endpoint authentication bypass
High
CVE-2026-23998 was published for github.com/fleetdm/fleet/v4 (Go) May 14, 2026
SSL verification is disabled in the DNS Cluster system. This could allow for a malicious server...
High
Unreviewed
CVE-2026-32992 was published May 14, 2026
A vulnerability exists where a connection requiring TLS incorrectly reuses an existing...
Moderate
Unreviewed
CVE-2026-4873 was published May 13, 2026
An improper certificate validation vulnerability in the Palo Alto Networks Prisma SD-WAN ION...
Moderate
Unreviewed
CVE-2026-0244 was published May 13, 2026
An improper certificate validation vulnerability in the Prisma Access Agent® for Android and...
Moderate
Unreviewed
CVE-2026-0248 was published May 13, 2026
Multiple improper certificate validation vulnerabilities in the Palo Alto Networks GlobalProtect™...
Moderate
Unreviewed
CVE-2026-0249 was published May 13, 2026
aria2c accepts a server certificate with incorrect Extended Key Usage (EKU). If the attackers...
Moderate
Unreviewed
CVE-2026-8367 was published May 13, 2026
When curl is told to use the Certificate Status Request TLS extension, often referred to as *OCSP...
Moderate
Unreviewed
CVE-2026-7009 was published May 13, 2026
"Kura Sushi Official App" provided by EPG, Inc. is vulnerable to improper certificate validation....
Critical
Unreviewed
CVE-2026-41872 was published May 12, 2026
Vert.x has a DoS via unbounded server-side SNI SslContext cache growth
Moderate
CVE-2026-6860 was published for io.vertx:vertx-core (Maven) May 9, 2026