Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,680
Maven
5,000+
npm
4,308
NuGet
760
pip
4,081
Pub
12
RubyGems
958
Rust
1,061
Swift
45
Unreviewed advisories
All unreviewed
5,000+

562 advisories

Loading
Add-on updates failed to verify that the add-on ID inside the signed package matched the ID of... Moderate Unreviewed
CVE-2016-9064 was published May 14, 2022
KubeVirt Affected by an Authentication Bypass in Kubernetes Aggregation Layer Moderate
CVE-2025-64432 was published for kubevirt.io/kubevirt (Go) Nov 6, 2025
mihailkirov Faeris95
xpivarc
Credited to mihailkirov, Faeris95, and xpivarc
Improper certificate validation in certain Zoom Clients may allow an unauthenticated user to... Moderate Unreviewed
CVE-2025-30669 was published Nov 13, 2025
A vulnerability was reported in the Lenovo Scanner pro application during an internal security... Moderate Unreviewed
CVE-2025-12047 was published Nov 12, 2025
Improper certificate validation in firmware update logic in NETGEAR RAX30 (Nighthawk AX5 5-Stream... Moderate Unreviewed
CVE-2025-12943 was published Nov 11, 2025
A heap-buffer-overread vulnerability was found in GnuTLS in how it handles the Certificate... Moderate Unreviewed
CVE-2025-32989 was published Jul 10, 2025
Kubernetes C# client accepts certificates from any CA without properly verifying the trust chain Moderate
CVE-2025-9708 was published for KubernetesClient (NuGet) Sep 17, 2025
This issue was addressed through improved state management. This issue is fixed in Safari 17.4,... Moderate Unreviewed
CVE-2024-23273 was published Mar 8, 2024
A certificate validation issue was addressed. This issue is fixed in iOS 16.7 and iPadOS 16.7, OS... Moderate Unreviewed
CVE-2023-41991 was published Sep 21, 2023
When using Alt-Svc, ALPN did not properly validate certificates when the original server is... Moderate Unreviewed
CVE-2025-0239 was published Jan 7, 2025
IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, and 12.0.2 is... Moderate Unreviewed
CVE-2024-25053 was published Jun 29, 2024
The CleverControl employee monitoring software (v11.5.1041.6) fails to validate TLS server... Moderate Unreviewed
CVE-2025-10548 was published Sep 23, 2025
A vulnerability was identified in Tomofun Furbo 360 and Furbo Mini. Affected by this issue is... Moderate Unreviewed
CVE-2025-11633 was published Oct 12, 2025
A spoofing vulnerability exists in the way Windows CryptoAPI (Crypt32.dll) validates Elliptic... Moderate Unreviewed
CVE-2020-0601 was published May 24, 2022
go-witness is Vulnerable to Improper Verification of AWS EC2 Identity Documents Moderate
CVE-2025-62375 was published for github.com/in-toto/go-witness (Go) Oct 15, 2025
jkjell
Credited to jkjell
GeoIP processor disables SSL certificate validation when downloading databases Moderate
GHSA-3xgr-h5hq-7299 was published for org.opensearch.dataprepper.plugins:geoip-processor (Maven) Oct 15, 2025
OpenSearch Data Prepper uses deprecated SSL protocol identifier Moderate
GHSA-28gg-8qqj-fhh5 was published for org.opensearch.dataprepper.plugins:geoip-processor (Maven) Oct 15, 2025
A vulnerability was reported in the Lenovo LeCloud client application that, under certain... Moderate Unreviewed
CVE-2025-10699 was published Oct 15, 2025
An improper certificate validation vulnerability in Palo Alto Networks PAN-OS software enables an... Moderate Unreviewed
CVE-2024-5918 was published Nov 14, 2024
Dragonfly's manager makes requests to external endpoints with disabled TLS authentication Moderate
CVE-2025-59347 was published for d7y.io/dragonfly/v2 (Go) Sep 17, 2025
gaius-qi
Credited to gaius-qi
Improper Certificate Validation in Checkmk Exchange plugin Dell Powerscale allows attackers in... Moderate Unreviewed
CVE-2025-58127 was published Aug 28, 2025
Improper Certificate Validation in Checkmk Exchange plugin check-mk-api allows attackers in MitM... Moderate Unreviewed
CVE-2025-58124 was published Aug 28, 2025
Improper Certificate Validation in Checkmk Exchange plugin VMware vSAN allows attackers in MitM... Moderate Unreviewed
CVE-2025-58126 was published Aug 28, 2025
Improper Certificate Validation in Checkmk Exchange plugin Freebox v6 agent allows attackers in... Moderate Unreviewed
CVE-2025-58125 was published Aug 28, 2025
Improper Certificate Validation in Checkmk Exchange plugin BGP Monitoring allows attackers in... Moderate Unreviewed
CVE-2025-58123 was published Aug 28, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database