GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

122 advisories

golang.org/x/crypto/ssh is vulnerable to invoking server panic during CheckHostKey/Authenticate flow Moderate
CVE-2026-39835 was published for golang.org/x/crypto/ssh (Go) Jun 25, 2026
golang.org/x/crypto/ssh vulnerable to invoking bypass of certificate restrictions Moderate
CVE-2026-39828 was published for golang.org/x/crypto/ssh (Go) Jun 25, 2026
Nodemailer: Improper TLS Certificate Validation in OAuth2 Token Fetch Enables Credential Interception Moderate
GHSA-r7g4-qg5f-qqm2 was published for nodemailer (npm) Jun 15, 2026
Credited to Venukamatchi
arnika is affected by medium-severity issues in UDP rotation, PQC handling, and KMS TLS Moderate
GHSA-rc6v-5rmx-w5mv was published for github.com/arnika-project/arnika (Go) May 15, 2026
Credited to dpolzoni and nean-and-i
Vert.x has a DoS via unbounded server-side SNI SslContext cache growth Moderate
CVE-2026-6860 was published for io.vertx:vertx-core (Maven) May 9, 2026
Credited to shblue21, Preethi-30, and julianladisch
gitsign verify accepts signatures over go-git-normalized bytes, enabling trust confusion on malformed commits Moderate
CVE-2026-44309 was published for github.com/sigstore/gitsign (Go) May 8, 2026
Credited to bugbunny-research
OpenTelemetry.Exporter.Instana bypasses TLS certificate validation when a proxy is configured Moderate
CVE-2026-44213 was published for OpenTelemetry.Exporter.Instana (NuGet) May 8, 2026
Credited to martincostello
CSS Parser: Improper Certificate Validation allows MITM injection of remote CSS content Moderate
CVE-2026-44312 was published for css_parser (RubyGems) May 7, 2026
Credited to JLLeitschuh
misp-modules has unsafe remote resource fetching in expansion Moderate
CVE-2026-44363 was published for misp-modules (pip) May 6, 2026
Credited to DavidCruciani and kuranikaran
apache-airflow-providers-smtp: No certificate validation on SMTP STARTTLS connections in SMTP provider Moderate
CVE-2026-41016 was published for apache-airflow-providers-smtp (pip) Apr 30, 2026
Credited to francisbergin
CKAN has no certificate validation on SMTP connection Moderate
CVE-2026-41132 was published for ckan (pip) Apr 29, 2026
Credited to francisbergin
Spring Boot's Cassandra SSL auto-configuration disables TLS hostname verification Moderate
CVE-2026-40974 was published for org.springframework.boot:spring-boot-cassandra (Maven) Apr 28, 2026
Spring Boot's RabbitMQ auto-configuration doesn't perform hostname verification when connecting to the RabbitMQ broker Moderate
CVE-2026-40971 was published for org.springframework.boot:spring-boot-rabbitmq (Maven) Apr 28, 2026
Spring Boot's Elasticsearch auto-configuration doesn't perform hostname verification when connecting to the Elasticsearch server Moderate
CVE-2026-40970 was published for org.springframework.boot:spring-boot-elasticsearch (Maven) Apr 27, 2026
Apache Storm Prometheus Reporter vulnerable to Improper Certificate Validation via Global SSL Context Downgrade Moderate
CVE-2026-40557 was published for org.apache.storm:storm-metrics-prometheus (Maven) Apr 27, 2026
Sigstore Timestamp Authority has Improper Certificate Validation in verifier Moderate
CVE-2026-39984 was published for github.com/sigstore/timestamp-authority/v2 (Go) Apr 14, 2026
Credited to jku
rfc3161-client Has Improper Certificate Validation Moderate
CVE-2026-33753 was published for rfc3161-client (pip) Apr 8, 2026
Credited to Jaynornj
Tesla Fleet Telemetry allows spoofing telemetry for arbitrary vehicles via compromised vehicle credentials Moderate
GHSA-prxj-3gcv-cqrh was published for github.com/teslamotors/fleet-telemetry (Go) Apr 1, 2026
Credited to sethterashima and yueyueL
NATS has mTLS verify_and_map authentication bypass via incorrect Subject DN matching Moderate
CVE-2026-33248 was published for github.com/nats-io/nats-server (Go) Mar 24, 2026
Terraform Provider for ArgoCD has possible exposure to GO-2026-4337 / CVE-2025-68121 Moderate
GHSA-594f-3595-c47v was published for github.com/argoproj-labs/terraform-provider-argocd (Go) Mar 18, 2026
Credited to allsmog
Apache Tomcat - Client certificate verification bypass Moderate
CVE-2025-66614 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) Feb 17, 2026
Credited to Jenson3210 and yusuke-koyoshi