Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,870
Erlang
37
GitHub Actions
36
Go
2,500
Maven
5,000+
npm
4,147
NuGet
735
pip
3,948
Pub
12
RubyGems
945
Rust
1,025
Swift
39
Unreviewed advisories
All unreviewed
5,000+

1,097 advisories

Loading
Applications that use a non-default option when verifying certificates may be vulnerable to an... Moderate Unreviewed
CVE-2023-0465 was published Mar 28, 2023
The function X509_VERIFY_PARAM_add0_policy() is documented to implicitly enable the certificate... Moderate Unreviewed
CVE-2023-0466 was published Mar 28, 2023
Medixant RadiAnt DICOM Viewer is vulnerable due to failure of the update mechanism to verify the... Moderate Unreviewed
CVE-2025-1001 was published Feb 21, 2025
djoser Authentication Bypass High
CVE-2024-21543 was published for djoser (pip) Dec 13, 2024
An Improper Certificate Validation vulnerability could allow an authenticated malicious actor... Moderate Unreviewed
CVE-2025-23118 was published Mar 1, 2025
SunGrow iSolarCloud Android app V2.1.6.20241104 and prior suffers from Missing SSL Certificate... High Unreviewed
CVE-2024-50691 was published Feb 26, 2025
An improper certificate validation vulnerability has been reported to affect Helpdesk. If... High Unreviewed
CVE-2024-50394 was published Mar 7, 2025
Improper Certificate Validation (CWE-295) in the Gallagher Command Centre SALTO integration... High Unreviewed
CVE-2024-41724 was published Mar 10, 2025
Improper Certificate Validation (CWE-295) in the Gallagher Milestone Integration Plugin (MIP)... High Unreviewed
CVE-2024-43107 was published Mar 10, 2025
When AdaCore Ada Web Server 25.0.0 is linked with GnuTLS, the default behaviour of AWS.Client is... High Unreviewed
CVE-2024-55581 was published Feb 27, 2025
IBM OpenPages with Watson 8.3 and 9.0  could allow a remote attacker to spoof mail server... Moderate Unreviewed
CVE-2024-49782 was published Feb 20, 2025
An issue was discovered in filestash v0.4. The usage of the ssh.InsecureIgnoreHostKey() disables... Moderate Unreviewed
CVE-2024-41258 was published Jul 31, 2024
An Improper Certificate Validation on UniFi OS devices, with Identity Enterprise configured,... Moderate Unreviewed
CVE-2025-23091 was published Feb 1, 2025
A vulnerability in Veeam Updater component allows Man-in-the-Middle attackers to execute... Critical Unreviewed
CVE-2025-23114 was published Feb 5, 2025
An improper certificate validation vulnerability [CWE-295] in FortiPortal version 7.4.0, version... Moderate Unreviewed
CVE-2024-40590 was published Mar 14, 2025
An improper certificate validation vulnerability [CWE-295] in FortiNAC-F version 7.2.4 and below... Moderate Unreviewed
CVE-2023-48785 was published Mar 14, 2025
The libcurl CURLOPT_SSL_VERIFYPEER option was disabled on a subset of requests made by Nest... Moderate Unreviewed
CVE-2024-32928 was published Aug 19, 2024
Improper certificate validation vulnerability in the update functionality in Synology BeeStation... Moderate Unreviewed
CVE-2024-10445 was published Mar 19, 2025
Improper certificate validation vulnerability in the LDAP utilities in Synology DiskStation... High Unreviewed
CVE-2024-10444 was published Mar 19, 2025
HCL Digital Experience components Ring API and dxclient may be vulnerable to man-in-the-middle ... Moderate Unreviewed
CVE-2025-0254 was published Mar 20, 2025
lxd has a restricted TLS certificate privilege escalation when in PKI mode Low
CVE-2024-6219 was published for github.com/canonical/lxd (Go) Dec 9, 2024
markylaing
An Improper Certificate Validation vulnerability in LibreOffice allowed an attacker to self sign... Moderate Unreviewed
CVE-2021-25635 was published Mar 21, 2025
Ichiran App for iOS versions prior to 3.1.0 and Ichiran App for Android versions prior to 3.1.0... Moderate Unreviewed
CVE-2023-22367 was published Feb 13, 2023
An issue was discovered in Fort before 1.6.3. A malicious RPKI repository that descends from a ... High Unreviewed
CVE-2024-45234 was published Aug 25, 2024
BTicino Door Entry HOMETOUCH for iOS 1.4.2 was discovered to be missing an SSL certificate. Moderate Unreviewed
CVE-2022-46496 was published Feb 7, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database