Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
46
GitHub Actions
47
Go
3,323
Maven
5,000+
npm
5,000+
NuGet
880
pip
4,533
Pub
12
RubyGems
1,010
Rust
1,201
Swift
51
Unreviewed advisories
All unreviewed
5,000+

113 advisories

Loading
step-ca has Unauthenticated Certificate Issuance via SCEP UpdateReq (MessageType=18) Critical
CVE-2026-30836 was published for github.com/smallstep/certificates (Go) Mar 19, 2026
PrasanthSundararajan69 Credited to PrasanthSundararajan69
Terraform Provider for SendGrid: TLS Session Resumption Bypasses Certificate Authority Trust Store Modifications in Go Critical
GHSA-j443-wcqq-xprh was published for github.com/arslanbekov/terraform-provider-sendgrid (Go) Mar 11, 2026
aiell0 Credited to aiell0
Improper Certificate Validation vulnerability in rustdesk-client RustDesk Client rustdesk-client... Critical Unreviewed
CVE-2026-30794 was published Mar 5, 2026
An issue pertaining to CWE-295: Improper Certificate Validation was discovered in Ayms node-To... Critical Unreviewed
CVE-2025-70043 was published Feb 23, 2026
An issue in the TLS certification mechanism of Guardian Gryphon v01.06.0006.22 allows attackers... Critical Unreviewed
CVE-2025-65753 was published Feb 17, 2026
The affected devices do not validate the server certificate when connecting to the SolaX Cloud... Critical Unreviewed
CVE-2025-15573 was published Feb 12, 2026
Keylime Missing Authentication for Critical Function and Improper Authentication Critical
CVE-2026-1709 was published for keylime (pip) Feb 6, 2026
saivarun3407 Credited to saivarun3407 and Death-Incarnate Death-Incarnate Death-Incarnate
Alist has Insecure TLS Config Critical
CVE-2026-25160 was published for github.com/alist-org/alist/v3 (Go) Feb 4, 2026
XlabAITeam Credited to XlabAITeam, A7um, and okatu-loli A7um A7um
okatu-loli okatu-loli
dcap-qvl has Missing Verification for QE Identity Critical
CVE-2026-22696 was published for @phala/dcap-qvl (npm) Jan 26, 2026
An improper certificate validation vulnerability exists in ToDesktop Builder v0.32.1 This... Critical Unreviewed
CVE-2025-67229 was published Jan 23, 2026
An Improper Certificate Validation vulnerability in the OPC-UA client and ANSL over TLS client... Critical Unreviewed
CVE-2025-11043 was published Jan 19, 2026
An issue in Automai BotManager v.25.2.0 allows a remote attacker to execute arbitrary code via... Critical Unreviewed
CVE-2025-46070 was published Jan 12, 2026
Due to a lack of certificate validation, all traffic from the mobile application can be... Critical Unreviewed
CVE-2025-65830 was published Dec 10, 2025
A vulnerability has been identified in COMOS V10.6 (All versions), COMOS V10.6 (All versions), NX... Critical Unreviewed
CVE-2025-40800 was published Dec 9, 2025
A vulnerability has been identified in COMOS V10.6 (All versions), COMOS V10.6 (All versions), JT... Critical Unreviewed
CVE-2025-40801 was published Dec 9, 2025
Tonec Internet Download Manager 6.42.41.1 and earlier suffers from Missing SSL Certificate... Critical Unreviewed
CVE-2025-56231 was published Nov 5, 2025
Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 25.1.102 and... Critical Unreviewed
CVE-2025-34235 was published Sep 29, 2025
Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 22.0.1049 and... Critical Unreviewed
CVE-2025-34199 was published Sep 19, 2025
MicroWorld eScan AV's update mechanism failed to ensure authenticity and integrity of updates:... Critical Unreviewed
CVE-2024-13990 was published Sep 19, 2025
An authentication bypass vulnerability exists in the out-of-support Control-M/Agent versions 9.0... Critical Unreviewed
CVE-2025-55109 was published Sep 16, 2025
A malicious client can bypass the client certificate trust check of an opc.https server when the... Critical Unreviewed
CVE-2025-7390 was published Aug 21, 2025
A certificate verification error in wolfSSL when building with the WOLFSSL_SYS_CA_CERTS and... Critical Unreviewed
CVE-2025-7395 was published Jul 19, 2025
If a user visited a webpage with an invalid TLS certificate, and granted an exception, the... Critical Unreviewed
CVE-2025-6433 was published Jun 26, 2025
An issue in MHSanaei 3x-ui before v.2.5.3 and before allows a remote attacker to execute... Critical Unreviewed
CVE-2025-29331 was published Jun 26, 2025
An issue was discovered on COROS PACE 3 devices through 3.0808.0. It implements a function to... Critical Unreviewed
CVE-2025-32878 was published Jun 20, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database