Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,680
Maven
5,000+
npm
4,308
NuGet
760
pip
4,080
Pub
12
RubyGems
958
Rust
1,061
Swift
45
Unreviewed advisories
All unreviewed
5,000+

1,130 advisories

Loading
Clients may successfully perform a TLS handshake with a MongoDB server despite presenting a... Low Unreviewed
CVE-2025-12893 was published Nov 25, 2025
A firmware downgrade vulnerability exists in the OTA Update functionality of GL-Inet GL-AXT1800 4... High Unreviewed
CVE-2025-44018 was published Nov 24, 2025
GoSign Desktop through 2.4.1 disables TLS certificate validation when configured to use a proxy... Low Unreviewed
CVE-2025-65083 was published Nov 17, 2025
Improper certificate validation vulnerability exists in 'デジラアプリ' App for iOS prior to ver.80.10... Low Unreviewed
CVE-2025-60022 was published Nov 17, 2025
Improper certificate validation in certain Zoom Clients may allow an unauthenticated user to... Moderate Unreviewed
CVE-2025-30669 was published Nov 13, 2025
pgAdmin has vulnerability in LDAP authentication mechanism that allows bypassing TLS certificate verification High
CVE-2025-12765 was published for pgadmin4 (pip) Nov 13, 2025
A vulnerability was reported in the Lenovo Scanner pro application during an internal security... Moderate Unreviewed
CVE-2025-12047 was published Nov 12, 2025
A potential vulnerability was reported in the Lenovo PC Manager, Lenovo App Store, Lenovo Browser... High Unreviewed
CVE-2025-10495 was published Nov 12, 2025
A vulnerability has been identified in Solid Edge SE2025 (All versions < V225.0 Update 11).... High Unreviewed
CVE-2025-40744 was published Nov 11, 2025
Improper certificate validation in firmware update logic in NETGEAR RAX30 (Nighthawk AX5 5-Stream... Moderate Unreviewed
CVE-2025-12943 was published Nov 11, 2025
In JetBrains YouTrack before 2025.3.104432 missing TLS certificate validation enabled data... High Unreviewed
CVE-2025-64685 was published Nov 10, 2025
KubeVirt Affected by an Authentication Bypass in Kubernetes Aggregation Layer Moderate
CVE-2025-64432 was published for kubevirt.io/kubevirt (Go) Nov 6, 2025
mihailkirov Faeris95
xpivarc
Credited to mihailkirov, Faeris95, and xpivarc
Tonec Internet Download Manager 6.42.41.1 and earlier suffers from Missing SSL Certificate... Critical Unreviewed
CVE-2025-56231 was published Nov 5, 2025
NeuVector telemetry sender is vulnerable to MITM and DoS High
CVE-2025-54470 was published for github.com/neuvector/neuvector (Go) Oct 21, 2025
mmalesev
Credited to mmalesev
Improper certificate validation when connecting to gateways in Devolutions Server 2025.3.2 and... High Unreviewed
CVE-2025-11619 was published Oct 15, 2025
GeoIP processor disables SSL certificate validation when downloading databases Moderate
GHSA-3xgr-h5hq-7299 was published for org.opensearch.dataprepper.plugins:geoip-processor (Maven) Oct 15, 2025
OpenSearch Data Prepper uses deprecated SSL protocol identifier Moderate
GHSA-28gg-8qqj-fhh5 was published for org.opensearch.dataprepper.plugins:geoip-processor (Maven) Oct 15, 2025
go-witness is Vulnerable to Improper Verification of AWS EC2 Identity Documents Moderate
CVE-2025-62375 was published for github.com/in-toto/go-witness (Go) Oct 15, 2025
jkjell
Credited to jkjell
OpenSearch Data Prepper plugins trust all SSL certificates by default High
CVE-2025-62371 was published for org.opensearch.dataprepper.plugins:opensearch (Maven) Oct 15, 2025
A vulnerability was reported in the Lenovo LeCloud client application that, under certain... Moderate Unreviewed
CVE-2025-10699 was published Oct 15, 2025
An improper certificate validation vulnerability was reported in the Lenovo Universal Device... Low Unreviewed
CVE-2025-6026 was published Oct 15, 2025
MongoDB Rust Driver has certificate validation disabled when `tlsInsecure=False` appears in connection string High
CVE-2025-11695 was published for mongodb (Rust) Oct 13, 2025
A vulnerability was identified in Tomofun Furbo 360 and Furbo Mini. Affected by this issue is... Moderate Unreviewed
CVE-2025-11633 was published Oct 12, 2025
Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 25.1.102 and... Critical Unreviewed
CVE-2025-34235 was published Sep 29, 2025
The CleverControl employee monitoring software (v11.5.1041.6) fails to validate TLS server... Moderate Unreviewed
CVE-2025-10548 was published Sep 23, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database