GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

57 advisories

QUIC has Broken TLS verification Critical
CVE-2026-49457 was published for quic (Erlang) Jul 1, 2026
Credited to benmmurphy
aiohttp: TLS Server Hostname Override Is Ignored When Reusing HTTPS Connections Low
CVE-2026-54275 was published for aiohttp (pip) Jun 15, 2026
Credited to denyspakizh-tob and bdraco
Apache Thrift has an Improper Validation of Certificate with Host Mismatch Vulnerability High
CVE-2026-43869 was published for org.apache.thrift:libthrift (Maven) May 5, 2026
Credited to ataillefer and HTHou
Spring Security Vulnerable to Unauthorized User Impersonation when Using X.509 Client Certificates Moderate
CVE-2026-22747 was published for org.springframework.security:spring-security-web (Maven) Apr 22, 2026
Apache Log4j Core: `verifyHostName` attribute silently ignored in TLS configuration Moderate
CVE-2026-34477 was published for org.apache.logging.log4j:log4j-core (Maven) Apr 10, 2026
Credited to ppkarwasz
Apache ZooKeeper: Reverse-DNS fallback enables hostname verification bypass in ZooKeeper ZKTrustManager High
CVE-2026-24281 was published for org.apache.zookeeper:zookeeper (Maven) Mar 7, 2026
Credited to kascit
Apache Ranger Vulnerable to Improper Validation of Certificate with Host Mismatch Moderate
CVE-2025-59060 was published for org.apache.ranger:ranger-nifi-registry-plugin (Maven) Mar 3, 2026
Apache Log4j does not verify the TLS hostname in its Socket Appender Moderate
CVE-2025-68161 was published for org.apache.logging.log4j:log4j-core (Maven) Dec 18, 2025
Credited to ppkarwasz
Couchbase .NET SDK (client library) does not properly enable hostname verification for TLS certificates Moderate
CVE-2025-49015 was published for CouchbaseNetClient (NuGet) Jun 18, 2025
JRuby-OpenSSL has hostname verification disabled by default Moderate
CVE-2025-46551 was published for jruby-openssl (RubyGems) May 7, 2025
Credited to mohamedhafez
Keycloak hostname verification High
CVE-2025-3501 was published for org.keycloak:keycloak-services (Maven) Apr 30, 2025
Credited to sharpedavid
Duplicate Advisory: Keycloak hostname verification High
GHSA-r934-w73g-v4p8 was published for org.keycloak:keycloak-services (Maven) Apr 29, 2025 withdrawn
In JetBrains Toolbox App before 2.6 host key verification was missing in SSH plugin Moderate Unreviewed
CVE-2025-42921 was published Apr 17, 2025