Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

Filter advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
86
GitHub Actions
54
Go
4,169
Maven
5,000+
npm
5,000+
NuGet
1,019
pip
5,000+
Pub
13
RubyGems
1,102
Rust
1,421
Swift
61
Unreviewed advisories
All unreviewed
5,000+

31 advisories

Loading
Improper host validation in the social login autofill feature in Devolutions Remote Desktop... Moderate Unreviewed
CVE-2026-12162 was published Jun 16, 2026
Spring Security Vulnerable to Unauthorized User Impersonation when Using X.509 Client Certificates Moderate
CVE-2026-22747 was published for org.springframework.security:spring-security-web (Maven) Apr 22, 2026
Apache Log4j Core: `verifyHostName` attribute silently ignored in TLS configuration Moderate
CVE-2026-34477 was published for org.apache.logging.log4j:log4j-core (Maven) Apr 10, 2026
ppkarwasz Credited to ppkarwasz
Apache Ranger Vulnerable to Improper Validation of Certificate with Host Mismatch Moderate
CVE-2025-59060 was published for org.apache.ranger:ranger-nifi-registry-plugin (Maven) Mar 3, 2026
When doing SSH-based transfers using either SCP or SFTP, and setting the known_hosts file,... Moderate Unreviewed
CVE-2025-15079 was published Jan 8, 2026
Apache Log4j does not verify the TLS hostname in its Socket Appender Moderate
CVE-2025-68161 was published for org.apache.logging.log4j:log4j-core (Maven) Dec 18, 2025
ppkarwasz Credited to ppkarwasz
Improper Validation of Certificate with Host Mismatch vulnerability in HotelRunner B2B allows... Moderate Unreviewed
CVE-2025-4295 was published Jul 22, 2025
Couchbase .NET SDK (client library) does not properly enable hostname verification for TLS certificates Moderate
CVE-2025-49015 was published for CouchbaseNetClient (NuGet) Jun 18, 2025
A improper validation of certificate with host mismatch in Fortinet FortiClientWindows version 7... Moderate Unreviewed
CVE-2024-54019 was published Jun 10, 2025
JRuby-OpenSSL has hostname verification disabled by default Moderate
CVE-2025-46551 was published for jruby-openssl (RubyGems) May 7, 2025
mohamedhafez Credited to mohamedhafez
In JetBrains Toolbox App before 2.6 host key verification was missing in SSH plugin Moderate Unreviewed
CVE-2025-42921 was published Apr 17, 2025
IBM OpenPages with Watson 8.3 and 9.0  could allow a remote attacker to spoof mail server... Moderate Unreviewed
CVE-2024-49782 was published Feb 20, 2025
IBM Storage Defender 2.0.0 through 2.0.7 on-prem defender-sensor-cmd CLI does not validate server... Moderate Unreviewed
CVE-2024-38324 was published Sep 25, 2024
Missing hostname validation in Kroxylicious Moderate
CVE-2024-8285 was published for io.kroxylicious:kroxylicious-runtime (Maven) Aug 31, 2024
casdoor's use of`ssh.InsecureIgnoreHostKey()` disables host key verification Moderate
CVE-2024-41264 was published for github.com/casdoor/casdoor (Go) Aug 1, 2024
Bouncy Castle Java Cryptography API vulnerable to DNS poisoning Moderate
CVE-2024-34447 was published for org.bouncycastle:bcprov-jdk12 (Maven) May 3, 2024
samueloph Credited to samueloph, binary-1024, hmolsen, and kmoens binary-1024 binary-1024
hmolsen hmolsen kmoens kmoens
libcurl did not check the server certificate of TLS connections done to a host specified as an IP... Moderate Unreviewed
CVE-2024-2466 was published Mar 27, 2024
An improper certificate validation vulnerability [CWE-295] in FortiManager 7.0.1 and below, 6.4.6... Moderate Unreviewed
CVE-2022-22305 was published Sep 1, 2023
Dell NetWorker, contains an Improper Validation of Certificate with Host Mismatch vulnerability... Moderate Unreviewed
CVE-2023-24568 was published May 30, 2023
Missing hostname validation in Jenkins View26 Test-Reporting Plugin Moderate
CVE-2022-41244 was published for org.jenkins-ci.plugins:view26 (Maven) Sep 22, 2022
NotMyFault Credited to NotMyFault
Jenkins SmallTest Plugin missing hostname validation Moderate
CVE-2022-41243 was published for com.smalltest:smalltest (Maven) Sep 22, 2022
NotMyFault Credited to NotMyFault
PKId in Juniper Junos OS before 12.1X44-D52, 12.1X46 before 12.1X46-D37, 12.1X47 before 12.1X47... Moderate Unreviewed
CVE-2016-1280 was published May 17, 2022
Improper Validation of Certificate with Host Mismatch in Not Yet Commons SSL Moderate
CVE-2014-3604 was published for ca.juliusdavies:not-yet-commons-ssl (Maven) May 14, 2022
The Serf RA layer in Apache Subversion 1.4.0 through 1.7.x before 1.7.18 and 1.8.x before 1.8.10... Moderate Unreviewed
CVE-2014-3522 was published May 14, 2022
Improper Validation of Certificate with Host Mismatch in Shibboleth Identity Provider and OpenSAML Java Moderate
CVE-2014-3603 was published for edu.internet2.middleware:shibboleth-identityprovider (Maven) May 14, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database