GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 92
GitHub Actions: 54
Go: 4,217
Maven: 5,000+
npm: 5,000+
NuGet: 1,021
pip: 5,000+
Pub: 13
RubyGems: 1,103
Rust: 1,443
Swift: 61
Unreviewed advisories
All unreviewed: 5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
514 advisories
A vulnerability was discovered on Stormshield Network Security 4.3.0 to 4.3.41 (included), 4.4.0...
Moderate | Unreviewed | CVE-2026-8480 was published Jul 1, 2026

Improper certificate validation and a time-of-check time-of-use (TOCTOU) race condition in the...
Moderate | Unreviewed | CVE-2026-12374 was published Jul 1, 2026

A flaw in Node.js TLS host verification can cause an attacker to bypass certification validation....
Moderate | Unreviewed | CVE-2026-48934 was published Jun 26, 2026

iPAddress name constraints bypass when WOLFSSL_IP_ALT_NAME is not defined. IP address name...
Moderate | Unreviewed | CVE-2026-7532 was published Jun 26, 2026

OCSP CertID serial-number length-confusion in wolfSSL_OCSP_resp_find_status allows a same-issuer...
Moderate | Unreviewed | CVE-2026-10098 was published Jun 26, 2026

X.509 name constraint bypass via the Subject Common Name when treated as a DNS-type name. A...
Moderate | Unreviewed | CVE-2026-6731 was published Jun 25, 2026

Chain intermediate CA:TRUE without keyCertSign accepted as a signing CA. Intermediate CA...
Moderate | Unreviewed | CVE-2026-55964 was published Jun 25, 2026

Certificates with wildcard DNS SANs (e.g. *.example.com) bypassed CA name-constraint checks. A...
Moderate | Unreviewed | CVE-2026-10592 was published Jun 25, 2026

Partial-chain certificate verification may accept chains that terminate at a peer-supplied,...
Moderate | Unreviewed | CVE-2026-6091 was published Jun 25, 2026

Jenkins Bitbucket Push and Pull Request Plugin 3.3.8 and earlier unconditionally disables SSL/TLS...
Moderate | Unreviewed | CVE-2026-57289 was published Jun 24, 2026

IBM Db2 on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data versions 4.8, 5.0, 5.1, 5.2...
Moderate | Unreviewed | CVE-2025-2669 was published Jun 22, 2026

Dell PowerFlex Manager, versions prior to 4.5.1.1, contain an improper certificate validation...
Moderate | Unreviewed | CVE-2024-47477 was published Jun 17, 2026

Spring Boot's Mail auto-configuration does not enable hostname verification. Applications that...
Moderate | Unreviewed | CVE-2026-40992 was published Jun 11, 2026

Applications that configure their broker connection via RabbitConnectionFactoryBean.setUri("amqps...
Moderate | Unreviewed | CVE-2026-41714 was published Jun 10, 2026

Issue Summary: An error in the callback used to verify the certificate provided in a Root CA key...
Moderate | Unreviewed | CVE-2026-42769 was published Jun 9, 2026

Apache Airflow's EmailOperator and the underlying `airflow.utils.email` helpers established SMTP...
Moderate | Unreviewed | CVE-2026-49267 was published Jun 1, 2026

Dell PowerFlex Manager, version(s) <=4.6.2, contain(s) an Improper Certificate Validation...
Moderate | Unreviewed | CVE-2025-32745 was published May 26, 2026

Dell Live Optics Windows and Personal Edition collectors contain an improper certificate...
Moderate | Unreviewed | CVE-2026-41119 was published May 18, 2026

An improper certificate validation vulnerability in the Prisma Access Agent® for Android and...
Moderate | Unreviewed | CVE-2026-0248 was published May 13, 2026

An improper certificate validation vulnerability in the Palo Alto Networks Prisma SD-WAN ION...
Moderate | Unreviewed | CVE-2026-0244 was published May 13, 2026

Multiple improper certificate validation vulnerabilities in the Palo Alto Networks GlobalProtect™...
Moderate | Unreviewed | CVE-2026-0249 was published May 13, 2026

A vulnerability exists where a connection requiring TLS incorrectly reuses an existing...
Moderate | Unreviewed | CVE-2026-4873 was published May 13, 2026

aria2c accepts a server certificate with incorrect Extended Key Usage (EKU). If the attackers...
Moderate | Unreviewed | CVE-2026-8367 was published May 13, 2026

When curl is told to use the Certificate Status Request TLS extension, often referred to as *OCSP...
Moderate | Unreviewed | CVE-2026-7009 was published May 13, 2026

RouterOS provides various services that rely on correct verification of client and server...
Moderate | Unreviewed | CVE-2025-42611 was published May 5, 2026
ProTip! Advisories are also available from the GraphQL API.