GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
92
GitHub Actions
54
Go
4,217
Maven
5,000+
npm
5,000+
NuGet
1,021
pip
5,000+
Pub
13
RubyGems
1,103
Rust
1,443
Swift
61
Unreviewed advisories
All unreviewed
5,000+
28 advisories
Filter by severity
QUIC has Broken TLS verification
Critical
CVE-2026-49457
was published
for
quic
(Erlang)
Jul 1, 2026
golang.org/x/crypto/ssh/knownhosts vulnerable to auth bypass via unenforced @revoked status
Critical
CVE-2026-42508
was published
for
golang.org/x/crypto/ssh/knownhosts
(Go)
Jun 25, 2026
Alist has Insecure TLS Config
Critical
CVE-2026-25160
was published
for
github.com/alist-org/alist/v3
(Go)
Feb 4, 2026
Apache Tomcat affected by vulnerability in TLS and SSL protocol
Critical
CVE-2009-3555
was published
for
org.apache.tomcat:tomcat
(Maven)
May 2, 2022
Keylime Missing Authentication for Critical Function and Improper Authentication
Critical
CVE-2026-1709
was published
for
keylime
(pip)
Feb 6, 2026
stigmem-node's federation peer registration lacked explicit out-of-band approval
Critical
GHSA-9vp8-3hmv-8fgh
was published
for
stigmem-node
(pip)
May 29, 2026
Juju has Improper TLS Client/Server authentication and certificate verification on Database Cluster
Critical
CVE-2026-4370
was published
for
github.com/juju/juju
(Go)
Apr 2, 2026
step-ca has Unauthenticated Certificate Issuance via SCEP UpdateReq (MessageType=18)
Critical
CVE-2026-30836
was published
for
github.com/smallstep/certificates
(Go)
Mar 19, 2026
Improper Certificate Validation in apache airflow mongo hook
Critical
CVE-2024-25141
was published
for
apache-airflow-providers-mongo
(pip)
Feb 20, 2024
Terraform Provider for SendGrid: TLS Session Resumption Bypasses Certificate Authority Trust Store Modifications in Go
Critical
GHSA-j443-wcqq-xprh
was published
for
github.com/arslanbekov/terraform-provider-sendgrid
(Go)
Mar 11, 2026
Mattermost Server has X.509 Improper Certificate Validation
Critical
CVE-2017-18911
was published
for
github.com/mattermost/mattermost-server
(Go)
May 24, 2022
dcap-qvl has Missing Verification for QE Identity
Critical
CVE-2026-22696
was published
for
@phala/dcap-qvl
(npm)
Jan 26, 2026
fs2-io skips mTLS client verification
Critical
CVE-2022-31183
was published
for
co.fs2:fs2-io
(Maven)
Jul 29, 2022
Python Swift client is vulnerable to Missing SSL Certificate Check
Critical
CVE-2013-6396
was published
for
python-swiftclient
(pip)
May 17, 2022
python-scciclient vulnerable to Man-in-the-middle (MITM) attacks
Critical
CVE-2022-2996
was published
for
python-scciclient
(pip)
Sep 2, 2022
Improper Certificate Validation in Twisted
Critical
CVE-2019-12855
was published
for
twisted
(pip)
Aug 16, 2019
splunk-sdk does not properly verify untrusted TLS server certificates
Critical
CVE-2019-5729
was published
for
splunk-sdk
(pip)
Mar 25, 2019
Scalyr Agent 2 Missing SSL Certificate Validation
Critical
CVE-2020-24715
was published
for
scalyr-agent-2
(pip)
May 24, 2022
Scalyr Agent Missing SSL Certificate Validation
Critical
CVE-2020-24714
was published
for
scalyr-agent-2
(pip)
May 24, 2022
Couchbase Sync Gateway admin credentials not verified when using X.509 client cert authentication
Critical
CVE-2022-32563
was published
for
couchbase
(pip)
Jun 11, 2022
Improper Certificate Validation in WP-CLI framework
Critical
CVE-2021-29504
was published
for
wp-cli/wp-cli
(Composer)
May 19, 2021
Ylianst MeshCentral Missing SSL Certificate Validation
Critical
CVE-2023-51837
was published
for
meshcentral
(npm)
Jan 30, 2024
Improper Certificate Validation in xmlhttprequest-ssl
Critical
CVE-2021-31597
was published
for
xmlhttprequest-ssl
(npm)
May 24, 2021
Sydent does not verify email server certificates
Critical
CVE-2023-38686
was published
for
matrix-sydent
(pip)
Jul 31, 2023
Keycloak Authentication Error
Critical
CVE-2019-14910
was published
for
org.keycloak:keycloak-parent
(Maven)
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API