Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

126 advisories

Loading
ex_aws_sns: Trusted-attacker `SigningCertURL` permits complete SNS signature bypass High
CVE-2026-47074 was published for ex_aws_sns (Erlang) Jun 26, 2026
PJUllrich Credited to PJUllrich, bernardd, and maennchen bernardd bernardd
maennchen maennchen
Hackney: Per-chunk timeout with unbounded body accumulation enables slow-drip OOM High
CVE-2026-47077 was published for hackney (Erlang) Jun 26, 2026
PJUllrich Credited to PJUllrich and maennchen maennchen maennchen
tonghuaroot Credited to tonghuaroot and UlisesGascon UlisesGascon UlisesGascon
epa4all-client: TLS Certificate Validation Disabled in Production High
CVE-2026-45574 was published for com.oviva.telematik:epa4all-client (Maven) May 15, 2026
snomi Credited to snomi and Volcore Volcore Volcore
goshs: SSH host key verification disabled, allowing transparent MITM of every tunnelled HTTP request High
GHSA-mxg3-432p-mr72 was published for goshs.de/goshs/v2 (Go) May 15, 2026
offset Credited to offset
Fleet has a Windows MDM management endpoint authentication bypass High
CVE-2026-23998 was published for github.com/fleetdm/fleet/v4 (Go) May 14, 2026
epa4all-client has a VAU Signature bypass High
CVE-2026-44900 was published for com.oviva.telematik:epa4all-client (Maven) May 8, 2026
snomi Credited to snomi and Volcore Volcore Volcore
ex_webrtc client-role handshake is missing DTLS peer fingerprint validation High
CVE-2026-44700 was published for ex_webrtc (Erlang) May 8, 2026
songxpu Credited to songxpu
Harvester's SUSE Virtualization Registration Client Vulnerable to MITM and DOS High
CVE-2025-71261 was published for github.com/harvester/harvester (Go) May 6, 2026
Oxia's TLS CA certificate chain validation fails with multi-certificate PEM bundles High
CVE-2026-40944 was published for github.com/oxia-db/oxia (Go) Apr 14, 2026
Incus does not verify combined fingerprint when downloading images from simplestreams servers High
CVE-2026-33542 was published for github.com/lxc/incus/v6/client (Go) Mar 27, 2026
wl2018 Credited to wl2018 and stgraber stgraber stgraber
Forge has a basicConstraints bypass in its certificate chain verification (RFC 5280 violation) High
CVE-2026-33896 was published for node-forge (npm) Mar 26, 2026
peaktwilight Credited to peaktwilight
CRL Distribution Point Scope Check Logic Error in AWS-LC High
GHSA-9f94-5g5w-gf6r was published for aws-lc-fips-sys (Rust) Mar 20, 2026
AWS-LC X.509 Name Constraints Bypass via Wildcard/Unicode CN High
GHSA-394x-vwmw-crm3 was published for aws-lc-sys (Rust) Mar 20, 2026
Apache ZooKeeper: Reverse-DNS fallback enables hostname verification bypass in ZooKeeper ZKTrustManager High
CVE-2026-24281 was published for org.apache.zookeeper:zookeeper (Maven) Mar 7, 2026
kascit Credited to kascit
AWS-LC has PKCS7_verify Certificate Chain Validation Bypass High
GHSA-vw5v-4f2q-w9xf was published for aws-lc-sys (Rust) Mar 3, 2026
yapi disables TLS/SSL certificate validation via rejectUnauthorized: false in Axios HTTPS agent High
CVE-2025-70058 was published for yapi-vendor (npm) Feb 23, 2026
SageMaker Python SDK has Exposed HMAC High
CVE-2026-1777 was published for sagemaker (pip) Feb 2, 2026
SageMaker Python SDK has Insecure TLS Configuration High
CVE-2026-1778 was published for sagemaker (pip) Feb 2, 2026
fog-kubevirt allows remote attacker to perform MITM attack due to disabled certificate validation High
CVE-2026-1530 was published for fog-kubevirt (RubyGems) Feb 2, 2026
foreman_kubevirt disables SSL verification if a Certificate Authority (CA) certificate is not explicitly set High
CVE-2026-1531 was published for foreman_kubevirt (RubyGems) Feb 2, 2026
Rancher CLI skips TLS verification on Rancher CLI login command High
CVE-2025-67601 was published for github.com/rancher/rancher (Go) Feb 1, 2026
NeuVector OpenID Connect is vulnerable to man-in-the-middle (MITM) High
CVE-2025-66001 was published for github.com/neuvector/neuvector (Go) Dec 12, 2025
ProTip! Advisories are also available from the GraphQL API