GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
584 advisories
NATS has mTLS verify_and_map authentication bypass via incorrect Subject DN matching
Moderate
CVE-2026-33248 was published for github.com/nats-io/nats-server/v2 (Go) Mar 24, 2026
Terraform Provider for ArgoCD has possible exposure to GO-2026-4337 / CVE-2025-68121
Moderate
GHSA-594f-3595-c47v was published for github.com/argoproj-labs/terraform-provider-argocd (Go) Mar 18, 2026
The GL-iNet Comet (GL-RM1) KVM connects to a GL-iNet site during boot-up to provision client and...
Moderate
Unreviewed
CVE-2026-32293 was published Mar 17, 2026
An improper certificate validation vulnerability was reported in the Lenovo Filez application...
Moderate
Unreviewed
CVE-2026-1068 was published Mar 11, 2026
Acrobat Reader versions 24.001.30307, 24.001.30308, 25.001.21265 and earlier are affected by an...
Moderate
Unreviewed
CVE-2026-27221 was published Mar 11, 2026
An improper certificate validation vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.4,...
Moderate
Unreviewed
CVE-2025-68482 was published Mar 10, 2026
The server certificate was not verified when an Arc agent connected to a Guardian or CMC. A...
Moderate
Unreviewed
CVE-2025-40896 was published Mar 4, 2026
OpenClaw affected by iMessage remote attachment SCP hardening (strict host-key checks and remoteHost validation)
Moderate
GHSA-2mc2-g238-722j was published for openclaw (npm) Mar 3, 2026
An issue pertaining to CWE-295: Improper Certificate Validation was discovered in fofolee uTools...
Moderate
Unreviewed
CVE-2025-70044 was published Feb 23, 2026
Apache Tomcat - Client certificate verification bypass
Moderate
CVE-2025-66614 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) Feb 17, 2026
The server identity check mechanism for firmware upgrade performed via command shell is...
Moderate
Unreviewed
CVE-2026-22613 was published Feb 9, 2026
During session resumption in crypto/tls, if the underlying Config has its ClientCAs or RootCAs...
Moderate
Unreviewed
CVE-2025-68121 was published Feb 5, 2026
A third-party NAT traversal module fails to validate SSL/TLS certificates when connecting to the...
Moderate
Unreviewed
CVE-2026-24935 was published Feb 3, 2026
The DDNS function uses an insecure HTTP connection or fails to validate the SSL/TLS certificate...
Moderate
Unreviewed
CVE-2026-24934 was published Feb 3, 2026
Multiple MFPs provided by Brother Industries, Ltd. do not properly validate server certificates...
Moderate
Unreviewed
CVE-2025-53869 was published Jan 29, 2026
The Infotainment ECU manufactured by Bosch which is installed in Nissan Leaf ZE1 – 2020 uses a...
Moderate
Unreviewed
CVE-2025-32057 was published Jan 22, 2026
Altium Designer version 24.9.0 does not validate self-signed server certificates for cloud...
Moderate
Unreviewed
CVE-2025-27377 was published Jan 22, 2026
When using `CURLOPT_PINNEDPUBLICKEY` option with libcurl or `--pinnedpubkey` with the curl tool...
Moderate
Unreviewed
CVE-2025-13034 was published Jan 8, 2026
When doing TLS related transfers with reused easy or multi handles and altering the ...
Moderate
Unreviewed
CVE-2025-14819 was published Jan 8, 2026
Cybersecurity Nozomi Networks Labs, a specialized security company focused on Industrial Control...
Moderate
Unreviewed
CVE-2025-52598 was published Dec 26, 2025
Elasticsearch PKI Realm Authentication Bypass Vulnerability Allows User Impersonation Through Crafted Client Certificates
Moderate
CVE-2025-37731 was published for org.elasticsearch:elasticsearch (Maven) Dec 15, 2025
Traefik Inverted TLS Verification Logic in ingress-nginx Provider
Moderate
CVE-2025-66491 was published for github.com/traefik/traefik/v3 (Go) Dec 8, 2025
Improper certificate validation in certain Zoom Clients may allow an unauthenticated user to...
Moderate
Unreviewed
CVE-2025-30669 was published Nov 13, 2025
A vulnerability was reported in the Lenovo Scanner pro application during an internal security...
Moderate
Unreviewed
CVE-2025-12047 was published Nov 12, 2025
Improper certificate validation in firmware update logic in NETGEAR RAX30 (Nighthawk AX5 5-Stream...
Moderate
Unreviewed
CVE-2025-12943 was published Nov 11, 2025