GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
458 advisories
A vulnerability in the certificate validation logic may allow applications to accept untrusted or...
High, Unreviewed. CVE-2025-9293 was published Feb 13, 2026

An issue in Sunbird-Ed SunbirdEd-portal v1.13.4 allows attackers to obtain sensitive information....
High, Unreviewed. CVE-2025-70029 was published Feb 11, 2026

Improper certificate validation in Azure Local allows an unauthorized attacker to execute code...
High, Unreviewed. CVE-2026-21228 was published Feb 10, 2026

An Improper Certificate Validation vulnerability in TP-Link Tapo H100 v1 and Tapo P100 v1 allows...
High, Unreviewed. CVE-2025-15557 was published Feb 5, 2026

The DDNS update function in ADM fails to properly validate the hostname of the DDNS server's TLS...
High, Unreviewed. CVE-2026-24932 was published Feb 3, 2026

The API communication component fails to validate the SSL/TLS certificate when sending HTTPS...
High, Unreviewed. CVE-2026-24933 was published Feb 3, 2026

SageMaker Python SDK has Exposed HMAC
High. CVE-2026-1777 was published for sagemaker (pip) Feb 2, 2026

SageMaker Python SDK has Insecure TLS Configuration
High. CVE-2026-1778 was published for sagemaker (pip) Feb 2, 2026

fog-kubevirt allows remote attacker to perform MITM attack due to disabled certificate validation
High. CVE-2026-1530 was published for fog-kubevirt (RubyGems) Feb 2, 2026

foreman_kubevirt disables SSL verification if a Certificate Authority (CA) certificate is not explicitly set
High. CVE-2026-1531 was published for foreman_kubevirt (RubyGems) Feb 2, 2026

Rancher CLI skips TLS verification on Rancher CLI login command
High. CVE-2025-67601 was published for github.com/rancher/rancher (Go) Feb 1, 2026

FunJSQ, a third-party module integrated on some NETGEAR routers and Orbi WiFi Systems, does not...
High, Unreviewed. CVE-2022-40620 was published Jan 28, 2026

Errands before 46.2.10 does not verify TLS certificates for CalDAV servers.
High, Unreviewed. CVE-2025-71063 was published Jan 12, 2026

LINE client for iOS prior to 15.4 allows man-in-the-middle attacks due to improper SSL/TLS...
High, Unreviewed. CVE-2025-14022 was published Dec 15, 2025

NeuVector OpenID Connect is vulnerable to man-in-the-middle (MITM)
High. CVE-2025-66001 was published for github.com/neuvector/neuvector (Go) Dec 12, 2025

When the user set the Notification's sender to send emails to the SMTP server via msmtp, an...
High, Unreviewed. CVE-2025-13052 was published Dec 12, 2025

Aqara Hub devices including Camera Hub G3 4.1.9_0027, Hub M2 4.3.6_0027, and Hub M3 4.3.6_0025...
High, Unreviewed. CVE-2025-65290 was published Dec 11, 2025

Aqara Hub devices including Hub M2 4.3.6_0027, Hub M3 4.3.6_0025, Camera Hub G3 4.1.9_0027 fail...
High, Unreviewed. CVE-2025-65291 was published Dec 11, 2025

A firmware downgrade vulnerability exists in the OTA Update functionality of GL-Inet GL-AXT1800 4...
High, Unreviewed. CVE-2025-44018 was published Nov 24, 2025

pgAdmin has vulnerability in LDAP authentication mechanism that allows bypassing TLS certificate verification
High. CVE-2025-12765 was published for pgadmin4 (pip) Nov 13, 2025

A potential vulnerability was reported in the Lenovo PC Manager, Lenovo App Store, Lenovo Browser...
High, Unreviewed. CVE-2025-10495 was published Nov 12, 2025

A vulnerability has been identified in Solid Edge SE2025 (All versions < V225.0 Update 11)....
High, Unreviewed. CVE-2025-40744 was published Nov 11, 2025

In JetBrains YouTrack before 2025.3.104432 missing TLS certificate validation enabled data...
High, Unreviewed. CVE-2025-64685 was published Nov 10, 2025

Validating certificate chains which contain DSA public keys can cause programs to panic, due to a...
High, Unreviewed. CVE-2025-58188 was published Oct 30, 2025

NeuVector telemetry sender is vulnerable to MITM and DoS
High. CVE-2025-54470 was published for github.com/neuvector/neuvector (Go) Oct 21, 2025