GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
562 advisories
Issue summary: Use of -addreject option with the openssl x509 application adds a trusted use...
Moderate | Unreviewed | CVE-2025-4575 was published on May 22, 2025

IBM Security ReaQta EDR 3.12 could allow an attacker to perform unauthorized actions due to...
Moderate | Unreviewed | CVE-2024-45641 was published on May 20, 2025

IBM Security ReaQta EDR 3.12 could allow an attacker to spoof a trusted entity by interfering...
Moderate | Unreviewed | CVE-2023-33861 was published on May 20, 2025

Samsung Internet for Galaxy Watch version 5.0.9, available up until Samsung Galaxy Watch 3, does...
Moderate | Unreviewed | CVE-2025-32407 was published on May 16, 2025

Improper certificate validation in Ivanti Endpoint Manager before version 2024 SU1 or before...
Moderate | Unreviewed | CVE-2025-22459 was published on Apr 8, 2025

HashiCorp Vault's revocation list not respected
Moderate | CVE-2022-41316 was published for github.com/hashicorp/vault (Go) on Jul 6, 2023

JRuby-OpenSSL has hostname verification disabled by default
Moderate | CVE-2025-46551 was published for org.jruby:jruby (Maven) on May 7, 2025

A vulnerability in certificate validation processing of Cisco Catalyst SD-WAN Manager, formerly...
Moderate | Unreviewed | CVE-2025-20157 was published on May 7, 2025

IBM i 7.2, 7.3, 7.4, 7.5, and 7.6 is vulnerable to authentication and authorization attacks due...
Moderate | Unreviewed | CVE-2025-3218 was published on May 7, 2025

Improper certificate validation in Logstash's TCP output could lead to a man-in-the-middle (MitM)...
Moderate | Unreviewed | CVE-2025-37730 was published on May 6, 2025

In Modem, there is a possible permission bypass due to improper certificate validation. This...
Moderate | Unreviewed | CVE-2025-20670 was published on May 5, 2025

Fleet doesn’t validate a server’s certificate when connecting through SSH
Moderate | CVE-2025-23390 was published for github.com/rancher/fleet (Go) on Apr 25, 2025

Puppet Enterprise 3.7.x and 3.8.0 might allow remote authenticated users to manage certificates...
Moderate | Unreviewed | CVE-2015-4100 was published on May 24, 2022

GitLab 9.4.x before 9.4.2 does not support LDAP SSL certificate verification, but a...
Moderate | Unreviewed | CVE-2017-17716 was published on May 14, 2022

The apt package in Debian jessie before 1.0.9.8.4, in Debian unstable before 1.4~beta2, in Ubuntu...
Moderate | Unreviewed | CVE-2016-1252 was published on May 13, 2022

Cyberduck before 4.4.4 on Windows does not properly validate X.509 certificate chains, which...
Moderate | Unreviewed | CVE-2014-2845 was published on May 13, 2022

The Zoho Site24x7 Mobile Network Poller application before 1.1.5 for Android does not verify X...
Moderate | Unreviewed | CVE-2017-14582 was published on May 17, 2022

A vulnerability in the Cisco Network Plug and Play application of Cisco IOS 12.4 through 15.6 and...
Moderate | Unreviewed | CVE-2017-12228 was published on May 13, 2022

A vulnerability exists in Schneider Electric's PowerSCADA Anywhere v1.0 redistributed with...
Moderate | Unreviewed | CVE-2017-7971 was published on May 17, 2022

NixOS 17.03 and earlier has an unintended default absence of SSL Certificate Validation for LDAP....
Moderate | Unreviewed | CVE-2017-11501 was published on May 14, 2022

The "State Bank of Waterloo Mobile Banking" by State Bank of Waterloo app 3.0.2 -- aka state-bank...
Moderate | Unreviewed | CVE-2017-9590 was published on May 17, 2022

The "SCSB Shelbyville IL Mobile Banking" by Shelby County State Bank app 3.0.0 -- aka scsb...
Moderate | Unreviewed | CVE-2017-9589 was published on May 17, 2022

The "BNB Mobile Banking" by Brady National Bank app 3.0.0 -- aka bnb-mobile-banking/id674215747...
Moderate | Unreviewed | CVE-2017-9582 was published on May 17, 2022

The Lee Bank & Trust lbtc-mobile/id1068984753 app 3.0.1 for iOS does not verify X.509...
Moderate | Unreviewed | CVE-2017-9561 was published on May 17, 2022

The "Morton Credit Union Mobile Banking" by Morton Credit Union app 3.0.1 -- aka morton-credit...
Moderate | Unreviewed | CVE-2017-9598 was published on May 17, 2022