GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
574 advisories
The server identity check mechanism for firmware upgrade performed via command shell is...
Moderate | Unreviewed | CVE-2026-22613 was published Feb 9, 2026

During session resumption in crypto/tls, if the underlying Config has its ClientCAs or RootCAs...
Moderate | Unreviewed | CVE-2025-68121 was published Feb 5, 2026

A third-party NAT traversal module fails to validate SSL/TLS certificates when connecting to the...
Moderate | Unreviewed | CVE-2026-24935 was published Feb 3, 2026

The DDNS function uses an insecure HTTP connection or fails to validate the SSL/TLS certificate...
Moderate | Unreviewed | CVE-2026-24934 was published Feb 3, 2026

Multiple MFPs provided by Brother Industries, Ltd. does not properly validate server certificates...
Moderate | Unreviewed | CVE-2025-53869 was published Jan 29, 2026

The Infotainment ECU manufactured by Bosch which is installed in Nissan Leaf ZE1 – 2020 uses a...
Moderate | Unreviewed | CVE-2025-32057 was published Jan 22, 2026

Altium Designer version 24.9.0 does not validate self-signed server certificates for cloud...
Moderate | Unreviewed | CVE-2025-27377 was published Jan 22, 2026

When using `CURLOPT_PINNEDPUBLICKEY` option with libcurl or `--pinnedpubkey` with the curl tool...
Moderate | Unreviewed | CVE-2025-13034 was published Jan 8, 2026

When doing TLS related transfers with reused easy or multi handles and altering the ...
Moderate | Unreviewed | CVE-2025-14819 was published Jan 8, 2026

Cybersecurity Nozomi Networks Labs, a specialized security company focused on Industrial Control...
Moderate | Unreviewed | CVE-2025-52598 was published Dec 26, 2025

Elasticsearch PKI Realm Authentication Bypass Vulnerability Allows User Impersonation Through Crafted Client Certificates
Moderate | CVE-2025-37731 was published for org.elasticsearch:elasticsearch (Maven) | Dec 15, 2025

Traefik Inverted TLS Verification Logic in ingress-nginx Provider
Moderate | CVE-2025-66491 was published for github.com/traefik/traefik/v3 (Go) | Dec 8, 2025

Improper certificate validation in certain Zoom Clients may allow an unauthenticated user to...
Moderate | Unreviewed | CVE-2025-30669 was published Nov 13, 2025

A vulnerability was reported in the Lenovo Scanner pro application during an internal security...
Moderate | Unreviewed | CVE-2025-12047 was published Nov 12, 2025

Improper certificate validation in firmware update logic in NETGEAR RAX30 (Nighthawk AX5 5-Stream...
Moderate | Unreviewed | CVE-2025-12943 was published Nov 11, 2025

KubeVirt Affected by an Authentication Bypass in Kubernetes Aggregation Layer
Moderate | CVE-2025-64432 was published for kubevirt.io/kubevirt (Go) | Nov 6, 2025

GeoIP processor disables SSL certificate validation when downloading databases
Moderate | GHSA-3xgr-h5hq-7299 was published for org.opensearch.dataprepper.plugins:geoip-processor (Maven) | Oct 15, 2025

OpenSearch Data Prepper uses deprecated SSL protocol identifier
Moderate | GHSA-28gg-8qqj-fhh5 was published for org.opensearch.dataprepper.plugins:geoip-processor (Maven) | Oct 15, 2025

go-witness is Vulnerable to Improper Verification of AWS EC2 Identity Documents
Moderate | CVE-2025-62375 was published for github.com/in-toto/go-witness (Go) | Oct 15, 2025

A vulnerability was reported in the Lenovo LeCloud client application that, under certain...
Moderate | Unreviewed | CVE-2025-10699 was published Oct 15, 2025

A vulnerability was identified in Tomofun Furbo 360 and Furbo Mini. Affected by this issue is...
Moderate | Unreviewed | CVE-2025-11633 was published Oct 12, 2025

The CleverControl employee monitoring software (v11.5.1041.6) fails to validate TLS server...
Moderate | Unreviewed | CVE-2025-10548 was published Sep 23, 2025

Dragonfly's manager makes requests to external endpoints with disabled TLS authentication
Moderate | CVE-2025-59347 was published for d7y.io/dragonfly/v2 (Go) | Sep 17, 2025

Kubernetes C# client accepts certificates from any CA without properly verifying the trust chain
Moderate | CVE-2025-9708 was published for KubernetesClient (NuGet) | Sep 17, 2025

WTW-EAGLE App does not properly validate server certificates, which may allow a man-in-the-middle...
Moderate | Unreviewed | CVE-2025-58781 was published Sep 12, 2025