Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
46
GitHub Actions
47
Go
3,340
Maven
5,000+
npm
5,000+
NuGet
881
pip
4,549
Pub
12
RubyGems
1,012
Rust
1,202
Swift
51
Unreviewed advisories
All unreviewed
5,000+

9 advisories

Loading
cryptography has incomplete DNS name constraint enforcement on peer names Low
CVE-2026-34073 was published for cryptography (pip) Mar 27, 2026
1seal Credited to 1seal and woodruffw woodruffw woodruffw
Cosign considered signatures valid with expired intermediate certificates when transparency log verification is skipped Low
CVE-2026-24122 was published for github.com/sigstore/cosign (Go) Feb 19, 2026
1seal Credited to 1seal
Weblate command-line client susceptible to SSL verification skip Low
CVE-2026-22250 was published for wlc (pip) Jan 12, 2026
nijel Credited to nijel and Zee99y Zee99y Zee99y
lxd CA certificate sign check bypass Low
CVE-2024-6156 was published for github.com/canonical/lxd (Go) Dec 9, 2024
markylaing Credited to markylaing
lxd has a restricted TLS certificate privilege escalation when in PKI mode Low
CVE-2024-6219 was published for github.com/canonical/lxd (Go) Dec 9, 2024
markylaing Credited to markylaing
Improper Certificate Validation vulnerability in Apache Airflow FTP Provider Low
CVE-2024-29733 was published for apache-airflow-providers-ftp (pip) Apr 21, 2024
ericwb Credited to ericwb
Improper Certificate Validation in Cosign Low
CVE-2022-23649 was published for github.com/sigstore/cosign (Go) Feb 22, 2022
znewman01 Credited to znewman01, dlorenc, mattmoor, priyawadhwa, mtrmac, and nsmith5 dlorenc dlorenc
mattmoor mattmoor priyawadhwa priyawadhwa mtrmac mtrmac nsmith5 nsmith5
Improper validation of certificate with host mismatch in Apache Log4j SMTP appender Low
CVE-2020-9488 was published for org.apache.logging.log4j:log4j (Maven) Jun 5, 2020
DmitriyLewen Credited to DmitriyLewen
SSL Validation Defaults to False in electron-packager Low
CVE-2016-10534 was published for electron-packager (npm) Feb 18, 2019
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database