Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,870
Erlang
36
GitHub Actions
36
Go
2,493
Maven
5,000+
npm
4,126
NuGet
735
pip
3,943
Pub
12
RubyGems
945
Rust
1,021
Swift
39
Unreviewed advisories
All unreviewed
5,000+

1,096 advisories

Loading
Lack of TLS validation when downloading a CSV file including mapping from IPs to countries used... Moderate Unreviewed
CVE-2025-2028 was published Aug 6, 2025
Incorrect TLS certificate auth method in Vault High
CVE-2024-2048 was published for github.com/hashicorp/vault (Go) Mar 4, 2024
oscerd
The server identity check mechanism for firmware upgrade performed via command shell is... Moderate Unreviewed
CVE-2025-48393 was published Aug 6, 2025
A vulnerability in the meeting-join functionality of Cisco Webex Meetings could have allowed an... Moderate Unreviewed
CVE-2025-20215 was published Aug 6, 2025
A TLS vulnerability exists in the phone application used to manage a connected device. The phone... High Unreviewed
CVE-2025-8393 was published Aug 8, 2025
A vulnerability has been identified in RUGGEDCOM ROS M2100 (All versions < V5.6.0), RUGGEDCOM ROS... Moderate Unreviewed
CVE-2021-42017 was published Mar 9, 2022
F5 Access for Android before version 3.1.2 which uses HTTPS does not verify the remote endpoint... High Unreviewed
CVE-2025-54809 was published Aug 13, 2025
An insufficient certificate validation issue in the Palo Alto Networks GlobalProtect™ app enables... Moderate Unreviewed
CVE-2025-2183 was published Aug 13, 2025
IBM WebSphere Application Server 8.5 and 9.0 could provide weaker than expected security for TLS... Moderate Unreviewed
CVE-2025-33142 was published Aug 14, 2025
An insufficient validation on the server connection endpoint in Netskope Client allows local... Moderate Unreviewed
CVE-2025-0309 was published Aug 14, 2025
A malicious client can bypass the client certificate trust check of an opc.https server when the... Critical Unreviewed
CVE-2025-7390 was published Aug 21, 2025
1Panel agent certificate verification bypass leading to arbitrary command execution High
CVE-2025-54424 was published for github.com/1Panel-dev/1Panel/core (Go) Aug 1, 2025
lizicoco
Improper Certificate Validation in Checkmk Exchange plugin Dell Powerscale allows attackers in... Moderate Unreviewed
CVE-2025-58127 was published Aug 28, 2025
Improper Certificate Validation in Checkmk Exchange plugin BGP Monitoring allows attackers in... Moderate Unreviewed
CVE-2025-58123 was published Aug 28, 2025
Improper Certificate Validation in Checkmk Exchange plugin VMware vSAN allows attackers in MitM... Moderate Unreviewed
CVE-2025-58126 was published Aug 28, 2025
Improper Certificate Validation in Checkmk Exchange plugin Freebox v6 agent allows attackers in... Moderate Unreviewed
CVE-2025-58125 was published Aug 28, 2025
Improper Certificate Validation in Checkmk Exchange plugin check-mk-api allows attackers in MitM... Moderate Unreviewed
CVE-2025-58124 was published Aug 28, 2025
An improper certificate validation vulnerability has been reported to affect Qsync Central. If a... High Unreviewed
CVE-2025-30278 was published Aug 29, 2025
An improper certificate validation vulnerability has been reported to affect Qsync Central. If a... High Unreviewed
CVE-2025-30277 was published Aug 29, 2025
2N Access Commander version 2.1 and prior is vulnerable in default settings to Man In The Middle... High Unreviewed
CVE-2024-47258 was published Feb 6, 2025
WTW-EAGLE App does not properly validate server certificates, which may allow a man-in-the-middle... Moderate Unreviewed
CVE-2025-58781 was published Sep 12, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database