Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
40
GitHub Actions
40
Go
2,974
Maven
5,000+
npm
4,621
NuGet
788
pip
4,317
Pub
12
RubyGems
984
Rust
1,131
Swift
49
Unreviewed advisories
All unreviewed
5,000+

108 advisories

Loading
The affected devices do not validate the server certificate when connecting to the SolaX Cloud... Critical Unreviewed
CVE-2025-15573 was published Feb 12, 2026
Keylime Missing Authentication for Critical Function and Improper Authentication Critical
CVE-2026-1709 was published for keylime (pip) Feb 6, 2026
saivarun3407 Death-Incarnate
Credited to saivarun3407 and Death-Incarnate
Alist has Insecure TLS Config Critical
CVE-2026-25160 was published for github.com/alist-org/alist/v3 (Go) Feb 4, 2026
XlabAITeam A7um
okatu-loli
Credited to XlabAITeam, A7um, and okatu-loli
dcap-qvl has Missing Verification for QE Identity Critical
CVE-2026-22696 was published for @phala/dcap-qvl (npm) Jan 26, 2026
An improper certificate validation vulnerability exists in ToDesktop Builder v0.32.1 This... Critical Unreviewed
CVE-2025-67229 was published Jan 23, 2026
An Improper Certificate Validation vulnerability in the OPC-UA client and ANSL over TLS client... Critical Unreviewed
CVE-2025-11043 was published Jan 19, 2026
An issue in Automai BotManager v.25.2.0 allows a remote attacker to execute arbitrary code via... Critical Unreviewed
CVE-2025-46070 was published Jan 12, 2026
Due to a lack of certificate validation, all traffic from the mobile application can be... Critical Unreviewed
CVE-2025-65830 was published Dec 10, 2025
A vulnerability has been identified in COMOS V10.6 (All versions), COMOS V10.6 (All versions), JT... Critical Unreviewed
CVE-2025-40801 was published Dec 9, 2025
A vulnerability has been identified in COMOS V10.6 (All versions), COMOS V10.6 (All versions), NX... Critical Unreviewed
CVE-2025-40800 was published Dec 9, 2025
Tonec Internet Download Manager 6.42.41.1 and earlier suffers from Missing SSL Certificate... Critical Unreviewed
CVE-2025-56231 was published Nov 5, 2025
Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 25.1.102 and... Critical Unreviewed
CVE-2025-34235 was published Sep 29, 2025
Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 22.0.1049 and... Critical Unreviewed
CVE-2025-34199 was published Sep 19, 2025
MicroWorld eScan AV's update mechanism failed to ensure authenticity and integrity of updates:... Critical Unreviewed
CVE-2024-13990 was published Sep 19, 2025
An authentication bypass vulnerability exists in the out-of-support Control-M/Agent versions 9.0... Critical Unreviewed
CVE-2025-55109 was published Sep 16, 2025
A malicious client can bypass the client certificate trust check of an opc.https server when the... Critical Unreviewed
CVE-2025-7390 was published Aug 21, 2025
A certificate verification error in wolfSSL when building with the WOLFSSL_SYS_CA_CERTS and... Critical Unreviewed
CVE-2025-7395 was published Jul 19, 2025
If a user visited a webpage with an invalid TLS certificate, and granted an exception, the... Critical Unreviewed
CVE-2025-6433 was published Jun 26, 2025
An issue in MHSanaei 3x-ui before v.2.5.3 and before allows a remote attacker to execute... Critical Unreviewed
CVE-2025-29331 was published Jun 26, 2025
An issue was discovered on COROS PACE 3 devices through 3.0808.0. It implements a function to... Critical Unreviewed
CVE-2025-32878 was published Jun 20, 2025
"This issue is limited to motherboards and does not affect laptops, desktop computers, or other... Critical Unreviewed
CVE-2025-3463 was published May 9, 2025
Draytek devices Vigor 165/166 prior to v4.2.6 , Vigor 2620/LTE200 prior to v3.9.8.8, Vigor 2860... Critical Unreviewed
CVE-2024-41334 was published Feb 27, 2025
A vulnerability in Veeam Updater component allows Man-in-the-Middle attackers to execute... Critical Unreviewed
CVE-2025-23114 was published Feb 5, 2025
ECOVACS lawnmowers and vacuums do not properly validate TLS certificates. An unauthenticated... Critical Unreviewed
CVE-2024-52330 was published Jan 23, 2025
ECOVACS HOME mobile app plugins for specific robots do not properly validate TLS certificates. An... Critical Unreviewed
CVE-2024-52329 was published Jan 23, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database