Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,680
Maven
5,000+
npm
4,308
NuGet
760
pip
4,081
Pub
12
RubyGems
958
Rust
1,061
Swift
45
Unreviewed advisories
All unreviewed
5,000+

562 advisories

Loading
Improper certificate validation in certain Zoom Clients may allow an unauthenticated user to... Moderate Unreviewed
CVE-2025-30669 was published Nov 13, 2025
A vulnerability was reported in the Lenovo Scanner pro application during an internal security... Moderate Unreviewed
CVE-2025-12047 was published Nov 12, 2025
Improper certificate validation in firmware update logic in NETGEAR RAX30 (Nighthawk AX5 5-Stream... Moderate Unreviewed
CVE-2025-12943 was published Nov 11, 2025
KubeVirt Affected by an Authentication Bypass in Kubernetes Aggregation Layer Moderate
CVE-2025-64432 was published for kubevirt.io/kubevirt (Go) Nov 6, 2025
mihailkirov Faeris95
xpivarc
Credited to mihailkirov, Faeris95, and xpivarc
GeoIP processor disables SSL certificate validation when downloading databases Moderate
GHSA-3xgr-h5hq-7299 was published for org.opensearch.dataprepper.plugins:geoip-processor (Maven) Oct 15, 2025
OpenSearch Data Prepper uses deprecated SSL protocol identifier Moderate
GHSA-28gg-8qqj-fhh5 was published for org.opensearch.dataprepper.plugins:geoip-processor (Maven) Oct 15, 2025
go-witness is Vulnerable to Improper Verification of AWS EC2 Identity Documents Moderate
CVE-2025-62375 was published for github.com/in-toto/go-witness (Go) Oct 15, 2025
jkjell
Credited to jkjell
A vulnerability was reported in the Lenovo LeCloud client application that, under certain... Moderate Unreviewed
CVE-2025-10699 was published Oct 15, 2025
A vulnerability was identified in Tomofun Furbo 360 and Furbo Mini. Affected by this issue is... Moderate Unreviewed
CVE-2025-11633 was published Oct 12, 2025
The CleverControl employee monitoring software (v11.5.1041.6) fails to validate TLS server... Moderate Unreviewed
CVE-2025-10548 was published Sep 23, 2025
Dragonfly's manager makes requests to external endpoints with disabled TLS authentication Moderate
CVE-2025-59347 was published for d7y.io/dragonfly/v2 (Go) Sep 17, 2025
gaius-qi
Credited to gaius-qi
Kubernetes C# client accepts certificates from any CA without properly verifying the trust chain Moderate
CVE-2025-9708 was published for KubernetesClient (NuGet) Sep 17, 2025
WTW-EAGLE App does not properly validate server certificates, which may allow a man-in-the-middle... Moderate Unreviewed
CVE-2025-58781 was published Sep 12, 2025
Improper Certificate Validation in Checkmk Exchange plugin Dell Powerscale allows attackers in... Moderate Unreviewed
CVE-2025-58127 was published Aug 28, 2025
Improper Certificate Validation in Checkmk Exchange plugin check-mk-api allows attackers in MitM... Moderate Unreviewed
CVE-2025-58124 was published Aug 28, 2025
Improper Certificate Validation in Checkmk Exchange plugin Freebox v6 agent allows attackers in... Moderate Unreviewed
CVE-2025-58125 was published Aug 28, 2025
Improper Certificate Validation in Checkmk Exchange plugin VMware vSAN allows attackers in MitM... Moderate Unreviewed
CVE-2025-58126 was published Aug 28, 2025
Improper Certificate Validation in Checkmk Exchange plugin BGP Monitoring allows attackers in... Moderate Unreviewed
CVE-2025-58123 was published Aug 28, 2025
IBM WebSphere Application Server 8.5 and 9.0 could provide weaker than expected security for TLS... Moderate Unreviewed
CVE-2025-33142 was published Aug 14, 2025
An insufficient validation on the server connection endpoint in Netskope Client allows local... Moderate Unreviewed
CVE-2025-0309 was published Aug 14, 2025
An insufficient certificate validation issue in the Palo Alto Networks GlobalProtect™ app enables... Moderate Unreviewed
CVE-2025-2183 was published Aug 13, 2025
A vulnerability in the meeting-join functionality of Cisco Webex Meetings could have allowed an... Moderate Unreviewed
CVE-2025-20215 was published Aug 6, 2025
The server identity check mechanism for firmware upgrade performed via command shell is... Moderate Unreviewed
CVE-2025-48393 was published Aug 6, 2025
Lack of TLS validation when downloading a CSV file including mapping from IPs to countries used... Moderate Unreviewed
CVE-2025-2028 was published Aug 6, 2025
Hashicorp Vault has Incorrect Validation for Non-CA Certificates Moderate
CVE-2025-6037 was published for github.com/hashicorp/vault (Go) Aug 1, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database