Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,717
Maven
5,000+
npm
4,328
NuGet
761
pip
4,105
Pub
12
RubyGems
958
Rust
1,065
Swift
45
Unreviewed advisories
All unreviewed
5,000+

102 advisories

Loading
Podman Improper Certificate Validation; machine missing TLS verification High
CVE-2025-6032 was published for github.com/containers/podman/v4 (Go) Jun 25, 2025
Luap99
Credited to Luap99
pgAdmin has vulnerability in LDAP authentication mechanism that allows bypassing TLS certificate verification High
CVE-2025-12765 was published for pgadmin4 (pip) Nov 13, 2025
Square OkHttp can accept the wrong certificate High
CVE-2021-0341 was published for com.squareup.okhttp3:okhttp (Maven) May 24, 2022
jmini
Credited to jmini
NeuVector telemetry sender is vulnerable to MITM and DoS High
CVE-2025-54470 was published for github.com/neuvector/neuvector (Go) Oct 21, 2025
mmalesev
Credited to mmalesev
Mattermost Server does not check if cookies are used over SSL High
CVE-2016-11076 was published for github.com/mattermost/mattermost-server (Go) May 24, 2022
OpenSearch Data Prepper plugins trust all SSL certificates by default High
CVE-2025-62371 was published for org.opensearch.dataprepper.plugins:opensearch (Maven) Oct 15, 2025
Issue with Amazon Redshift Python Connector and the BrowserAzureOAuth2CredentialsProvider plugin High
CVE-2025-5279 was published for redshift-connector (pip) May 28, 2025
girotomas
Credited to girotomas
MongoDB Rust Driver has certificate validation disabled when `tlsInsecure=False` appears in connection string High
CVE-2025-11695 was published for mongodb (Rust) Oct 13, 2025
DragonFly's manager generates mTLS certificates for arbitrary IP addresses High
CVE-2025-59353 was published for d7y.io/dragonfly/v2 (Go) Sep 17, 2025
gaius-qi
Credited to gaius-qi
1Panel agent certificate verification bypass leading to arbitrary command execution High
CVE-2025-54424 was published for github.com/1Panel-dev/1Panel/core (Go) Aug 1, 2025
lizicoco
Credited to lizicoco
Incorrect TLS certificate auth method in Vault High
CVE-2024-2048 was published for github.com/hashicorp/vault (Go) Mar 4, 2024
oscerd
Credited to oscerd
Withdrawn Advisory: Improper Certificate Validation in Apache Qpid Proton High
CVE-2019-0223 was published for org.apache.qpid:proton-j (Maven) May 24, 2022 withdrawn
nhakmiller
Credited to nhakmiller
Apache HttpClient disables domain checks High
CVE-2025-27820 was published for org.apache.httpcomponents.client5:httpclient5 (Maven) Apr 24, 2025
Steve doesn’t verify a server’s certificate and is susceptible to man-in-the-middle (MitM) attacks High
CVE-2023-32198 was published for github.com/rancher/steve (Go) Apr 25, 2025
djoser Authentication Bypass High
CVE-2024-21543 was published for djoser (pip) Dec 13, 2024
Improper Certificate Validation in Apache DolphinScheduler High
CVE-2023-49250 was published for org.apache.dolphinscheduler:dolphinscheduler (Maven) Feb 20, 2024
HTTPie allows attackers to eavesdrop on communications between the host and server via a man-in-the-middle attack High
CVE-2023-48052 was published for httpie (pip) Nov 16, 2023
RJPercival
Credited to RJPercival
Keycloak mTLS Authentication Bypass via Reverse Proxy TLS Termination High
CVE-2024-10039 was published for org.keycloak:keycloak-core (Maven) Nov 25, 2024
ahus1 westonsteimel
Credited to ahus1 and westonsteimel
Agent Dart is missing certificate verification checks High
CVE-2024-48915 was published for agent_dart (Pub) Oct 15, 2024
eduarddfinity AlexV525
Credited to eduarddfinity and AlexV525
TCPDF missing certificate validation High
CVE-2024-56521 was published for tecnickcom/tcpdf (Composer) Dec 27, 2024
Python Twisted trustRoot is not respected in HTTP client High
CVE-2014-7143 was published for twisted (pip) Dec 17, 2019
Improper Certificate Validation in urllib3 High
CVE-2019-11324 was published for urllib3 (pip) Apr 19, 2019
tdunlap607
Credited to tdunlap607
Improper certificate management in AWS IoT Device SDK v2 High
CVE-2021-40829 was published for aws-iot-device-sdk-v2 (Maven) Nov 24, 2021
Improper certificate management in AWS IoT Device SDK v2 High
CVE-2021-40830 was published for aws-iot-device-sdk-v2 (Maven) Nov 24, 2021
Improper certificate management in AWS IoT Device SDK v2 High
CVE-2021-40831 was published for aws-iot-device-sdk-v2 (Maven) Nov 24, 2021
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database