GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
1,208 advisories
Forge has a basicConstraints bypass in its certificate chain verification (RFC 5280 violation)
High: CVE-2026-33896 was published for node-forge (npm), Mar 26, 2026
NATS has mTLS verify_and_map authentication bypass via incorrect Subject DN matching
Moderate: CVE-2026-33248 was published for github.com/nats-io/nats-server/v2 (Go), Mar 24, 2026
CRL Distribution Point Scope Check Logic Error in AWS-LC
High: GHSA-9f94-5g5w-gf6r was published for aws-lc-fips-sys (Rust), Mar 20, 2026
AWS-LC X.509 Name Constraints Bypass via Wildcard/Unicode CN
High: GHSA-394x-vwmw-crm3 was published for aws-lc-sys (Rust), Mar 20, 2026
Improper certificate validation in the PAM propagation WinRM connections allows a network...
High (Unreviewed): CVE-2026-4434 was published Mar 20, 2026
step-ca has Unauthenticated Certificate Issuance via SCEP UpdateReq (MessageType=18)
Critical: CVE-2026-30836 was published for github.com/smallstep/certificates (Go), Mar 19, 2026
Improper certificate validation in Devolutions Hub Reporting Service 2025.3.1.1 and earlier...
High (Unreviewed): CVE-2026-4396 was published Mar 18, 2026
Terraform Provider for ArgoCD has possible exposure to GO-2026-4337 / CVE-2025-68121
Moderate: GHSA-594f-3595-c47v was published for github.com/argoproj-labs/terraform-provider-argocd (Go), Mar 18, 2026
The GL-iNet Comet (GL-RM1) KVM connects to a GL-iNet site during boot-up to provision client and...
Moderate (Unreviewed): CVE-2026-32293 was published Mar 17, 2026
An improper certificate validation vulnerability was reported in the Lenovo Filez application...
Moderate (Unreviewed): CVE-2026-1068 was published Mar 11, 2026
An improper certificate validation vulnerability was reported in the Lenovo Filez application...
High (Unreviewed): CVE-2026-2368 was published Mar 11, 2026
Dell Alienware Command Center (AWCC), versions prior to 6.12.24.0, contain an Improper...
Low (Unreviewed): CVE-2026-24508 was published Mar 11, 2026
An improper certificate validation vulnerability has been reported to affect Video Station. If an...
Low (Unreviewed): CVE-2024-14024 was published Mar 11, 2026
Terraform Provider for SendGrid: TLS Session Resumption Bypasses Certificate Authority Trust Store Modifications in Go
Critical: GHSA-j443-wcqq-xprh was published for github.com/arslanbekov/terraform-provider-sendgrid (Go), Mar 11, 2026
Acrobat Reader versions 24.001.30307, 24.001.30308, 25.001.21265 and earlier are affected by an...
Moderate (Unreviewed): CVE-2026-27221 was published Mar 11, 2026
An improper certificate validation vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.4,...
Moderate (Unreviewed): CVE-2025-68482 was published Mar 10, 2026
Taipower APP developed by Taipower has an Improper Certificate Validation vulnerability. When...
High (Unreviewed): CVE-2026-3822 was published Mar 9, 2026
Apache ZooKeeper: Reverse-DNS fallback enables hostname verification bypass in ZooKeeper ZKTrustManager
High: CVE-2026-24281 was published for org.apache.zookeeper:zookeeper (Maven), Mar 7, 2026
Improper Certificate Validation vulnerability in rustdesk-client RustDesk Client rustdesk-client...
Critical (Unreviewed): CVE-2026-30794 was published Mar 5, 2026
The server certificate was not verified when an Arc agent connected to a Guardian or CMC. A...
Moderate (Unreviewed): CVE-2025-40896 was published Mar 4, 2026
SEPPmail Secure Email Gateway before version 15.0.1 improperly validates S/MIME certificates...
High (Unreviewed): CVE-2026-2748 was published Mar 4, 2026
OpenClaw affected by iMessage remote attachment SCP hardening (strict host-key checks and remoteHost validation)
Moderate: GHSA-2mc2-g238-722j was published for openclaw (npm), Mar 3, 2026
AWS-LC has PKCS7_verify Certificate Chain Validation Bypass
High: GHSA-vw5v-4f2q-w9xf was published for aws-lc-sys (Rust), Mar 3, 2026
Improper Certificate Validation vulnerability in ASUSTOR ADM FTP Backup on Linux, x86, ARM, 64...
High (Unreviewed): CVE-2026-3100 was published Feb 25, 2026
An issue pertaining to CWE-295: Improper Certificate Validation was discovered in jxcore jxm...
High (Unreviewed): CVE-2025-70045 was published Feb 23, 2026