GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
92
GitHub Actions
54
Go
4,217
Maven
5,000+
npm
5,000+
NuGet
1,021
pip
5,000+
Pub
13
RubyGems
1,103
Rust
1,443
Swift
61
Unreviewed advisories
All unreviewed
5,000+
126 advisories
Filter by severity
ex_aws_sns: Trusted-attacker `SigningCertURL` permits complete SNS signature bypass
High
CVE-2026-47074
was published
for
ex_aws_sns
(Erlang)
Jun 26, 2026
Hackney: Per-chunk timeout with unbounded body accumulation enables slow-drip OOM
High
CVE-2026-47077
was published
for
hackney
(Erlang)
Jun 26, 2026
undici vulnerable to TLS certificate validation bypass via dropped requestTls in SOCKS5 ProxyAgent
High
CVE-2026-9697
was published
for
undici
(npm)
Jun 18, 2026
epa4all-client: TLS Certificate Validation Disabled in Production
High
CVE-2026-45574
was published
for
com.oviva.telematik:epa4all-client
(Maven)
May 15, 2026
goshs: SSH host key verification disabled, allowing transparent MITM of every tunnelled HTTP request
High
GHSA-mxg3-432p-mr72
was published
for
goshs.de/goshs/v2
(Go)
May 15, 2026
Fleet has a Windows MDM management endpoint authentication bypass
High
CVE-2026-23998
was published
for
github.com/fleetdm/fleet/v4
(Go)
May 14, 2026
epa4all-client has a VAU Signature bypass
High
CVE-2026-44900
was published
for
com.oviva.telematik:epa4all-client
(Maven)
May 8, 2026
ex_webrtc client-role handshake is missing DTLS peer fingerprint validation
High
CVE-2026-44700
was published
for
ex_webrtc
(Erlang)
May 8, 2026
Harvester's SUSE Virtualization Registration Client Vulnerable to MITM and DOS
High
CVE-2025-71261
was published
for
github.com/harvester/harvester
(Go)
May 6, 2026
Oxia's TLS CA certificate chain validation fails with multi-certificate PEM bundles
High
CVE-2026-40944
was published
for
github.com/oxia-db/oxia
(Go)
Apr 14, 2026
Open Cluster Management (OCM): Cross-cluster privilege escalation via improper Kubernetes client certificate renewal validation
High
CVE-2026-4740
was published
for
open-cluster-management.io/ocm
(Go)
Apr 7, 2026
Incus does not verify combined fingerprint when downloading images from simplestreams servers
High
CVE-2026-33542
was published
for
github.com/lxc/incus/v6/client
(Go)
Mar 27, 2026
Forge has a basicConstraints bypass in its certificate chain verification (RFC 5280 violation)
High
CVE-2026-33896
was published
for
node-forge
(npm)
Mar 26, 2026
CRL Distribution Point Scope Check Logic Error in AWS-LC
High
GHSA-9f94-5g5w-gf6r
was published
for
aws-lc-fips-sys
(Rust)
Mar 20, 2026
AWS-LC X.509 Name Constraints Bypass via Wildcard/Unicode CN
High
GHSA-394x-vwmw-crm3
was published
for
aws-lc-sys
(Rust)
Mar 20, 2026
Apache ZooKeeper: Reverse-DNS fallback enables hostname verification bypass in ZooKeeper ZKTrustManager
High
CVE-2026-24281
was published
for
org.apache.zookeeper:zookeeper
(Maven)
Mar 7, 2026
AWS-LC has PKCS7_verify Certificate Chain Validation Bypass
High
GHSA-vw5v-4f2q-w9xf
was published
for
aws-lc-sys
(Rust)
Mar 3, 2026
yapi disables TLS/SSL certificate validation via rejectUnauthorized: false in Axios HTTPS agent
High
CVE-2025-70058
was published
for
yapi-vendor
(npm)
Feb 23, 2026
SageMaker Python SDK has Exposed HMAC
High
CVE-2026-1777
was published
for
sagemaker
(pip)
Feb 2, 2026
SageMaker Python SDK has Insecure TLS Configuration
High
CVE-2026-1778
was published
for
sagemaker
(pip)
Feb 2, 2026
fog-kubevirt allows remote attacker to perform MITM attack due to disabled certificate validation
High
CVE-2026-1530
was published
for
fog-kubevirt
(RubyGems)
Feb 2, 2026
foreman_kubevirt disables SSL verification if a Certificate Authority (CA) certificate is not explicitly set
High
CVE-2026-1531
was published
for
foreman_kubevirt
(RubyGems)
Feb 2, 2026
Rancher CLI skips TLS verification on Rancher CLI login command
High
CVE-2025-67601
was published
for
github.com/rancher/rancher
(Go)
Feb 1, 2026
NeuVector OpenID Connect is vulnerable to man-in-the-middle (MITM)
High
CVE-2025-66001
was published
for
github.com/neuvector/neuvector
(Go)
Dec 12, 2025
pgAdmin has vulnerability in LDAP authentication mechanism that allows bypassing TLS certificate verification
High
CVE-2025-12765
was published
for
pgadmin4
(pip)
Nov 13, 2025
ProTip!
Advisories are also available from the
GraphQL API