GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
57 advisories
QUIC has Broken TLS verification
Critical • CVE-2026-49457 was published for quic (Erlang) Jul 1, 2026

Improper host validation in the social login autofill feature in Devolutions Remote Desktop...
Moderate • Unreviewed • CVE-2026-12162 was published Jun 16, 2026

aiohttp: TLS Server Hostname Override Is Ignored When Reusing HTTPS Connections
Low • CVE-2026-54275 was published for aiohttp (pip) Jun 15, 2026

An issue was discovered in OpenStack oslo.messaging 1.0.0 through 17.3.0. The oslo.messaging...
High • Unreviewed • CVE-2026-44393 was published Jun 4, 2026

Improper Validation of Certificate with Host Mismatch vulnerability in Akınsoft QR Menü allows...
High • Unreviewed • CVE-2024-12925 was published Jun 1, 2026

It was identified that the LDAP client implementation in version 2.1.7 does not verify if the...
High • Unreviewed • CVE-2026-35563 was published Jun 1, 2026

Apache Thrift has an Improper Validation of Certificate with Host Mismatch Vulnerability
High • CVE-2026-43869 was published for org.apache.thrift:libthrift (Maven) May 5, 2026

Improper Validation of Certificate with Host Mismatch vulnerability in Apache Thrift. This issue...
High • Unreviewed • CVE-2026-41603 was published Apr 28, 2026

Spring Security Vulnerable to Unauthorized User Impersonation when Using X.509 Client Certificates
Moderate • CVE-2026-22747 was published for org.springframework.security:spring-security-web (Maven) Apr 22, 2026

Apache Log4j Core: `verifyHostName` attribute silently ignored in TLS configuration
Moderate • CVE-2026-34477 was published for org.apache.logging.log4j:log4j-core (Maven) Apr 10, 2026

Apache ZooKeeper: Reverse-DNS fallback enables hostname verification bypass in ZooKeeper ZKTrustManager
High • CVE-2026-24281 was published for org.apache.zookeeper:zookeeper (Maven) Mar 7, 2026

Apache Ranger Vulnerable to Improper Validation of Certificate with Host Mismatch
Moderate • CVE-2025-59060 was published for org.apache.ranger:ranger-nifi-registry-plugin (Maven) Mar 3, 2026

Galaxy FDS Android SDK (XiaoMi/galaxy-fds-sdk-android) version 3.0.8 and prior disable TLS...
Critical • Unreviewed • CVE-2026-26214 was published Feb 12, 2026

When doing SSH-based transfers using either SCP or SFTP, and setting the known_hosts file,...
Moderate • Unreviewed • CVE-2025-15079 was published Jan 8, 2026

The Uniffle HTTP client is configured to trust all SSL certificates and disables hostname...
Critical • Unreviewed • CVE-2025-68637 was published Jan 7, 2026

Apache Log4j does not verify the TLS hostname in its Socket Appender
Moderate • CVE-2025-68161 was published for org.apache.logging.log4j:log4j-core (Maven) Dec 18, 2025

An Improper Validation of Certificate with Host Mismatch vulnerability [CWE-297] in FortiProxy...
High • Unreviewed • CVE-2025-25253 was published Oct 14, 2025

An issue was discovered in the methods push.lite.avtech.com.AvtechLib.GetHttpsResponse and push...
Critical • Unreviewed • CVE-2025-46408 was published Sep 15, 2025

Improper Validation of Certificate with Host Mismatch vulnerability in HotelRunner B2B allows...
Moderate • Unreviewed • CVE-2025-4295 was published Jul 22, 2025

Couchbase .NET SDK (client library) does not properly enable hostname verification for TLS certificates
Moderate • CVE-2025-49015 was published for CouchbaseNetClient (NuGet) Jun 18, 2025

A improper validation of certificate with host mismatch in Fortinet FortiClientWindows version 7...
Moderate • Unreviewed • CVE-2024-54019 was published Jun 10, 2025

JRuby-OpenSSL has hostname verification disabled by default
Moderate • CVE-2025-46551 was published for jruby-openssl (RubyGems) May 7, 2025

Keycloak hostname verification
High • CVE-2025-3501 was published for org.keycloak:keycloak-services (Maven) Apr 30, 2025

Duplicate Advisory: Keycloak hostname verification
High • GHSA-r934-w73g-v4p8 was published for org.keycloak:keycloak-services (Maven) Apr 29, 2025 • withdrawn

In JetBrains Toolbox App before 2.6 host key verification was missing in SSH plugin
Moderate • Unreviewed • CVE-2025-42921 was published Apr 17, 2025