GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
1,227 advisories
A vulnerability has been identified in Siemens Software Center (All versions < V3.5.8.2),...
Moderate | Unreviewed | CVE-2025-40745 was published Apr 14, 2026

Sigstore Timestamp Authority has Improper Certificate Validation in verifier
Moderate | CVE-2026-39984 was published for github.com/sigstore/timestamp-authority/v2 (Go) Apr 14, 2026

A certificate validation vulnerability in Palo Alto Networks Autonomous Digital Experience...
Low | Unreviewed | CVE-2026-0233 was published Apr 13, 2026

wolfSSL_X509_verify_cert in the OpenSSL compatibility layer accepts a certificate chain in which...
High | Unreviewed | CVE-2026-5501 was published Apr 10, 2026

URI nameConstraints from constrained intermediate CAs are parsed but not enforced during...
High | Unreviewed | CVE-2026-5263 was published Apr 10, 2026

Missing hash/digest size and OID checks allow digests smaller than allowed when verifying ECDSA...
Critical | Unreviewed | CVE-2026-5194 was published Apr 9, 2026

rfc3161-client Has Improper Certificate Validation
Moderate | CVE-2026-33753 was published for rfc3161-client (pip) Apr 8, 2026

Open Cluster Management (OCM): Cross-cluster privilege escalation via improper Kubernetes client certificate renewal validation
High | CVE-2026-4740 was published for open-cluster-management.io/ocm (Go) Apr 7, 2026

Improper certificate validation in the identity provider connection components in Amazon Athena...
Critical | Unreviewed | CVE-2026-35560 was published Apr 3, 2026

SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker to cause attacker...
High | Unreviewed | CVE-2026-29140 was published Apr 2, 2026

Juju has Improper TLS Client/Server authentication and certificate verification on Database Cluster
Critical | CVE-2026-4370 was published for github.com/juju/juju (Go) Apr 2, 2026

Tesla Fleet Telemetry allows spoofing telemetry for arbitrary vehicles via compromised vehicle credentials
Moderate | GHSA-prxj-3gcv-cqrh was published for github.com/teslamotors/fleet-telemetry (Go) Apr 1, 2026

Mbed TLS v3.3.0 up to 3.6.5 and 4.0.0 allows Algorithm Downgrade.
Moderate | Unreviewed | CVE-2026-25834 was published Apr 1, 2026

A vulnerability in the configuration backup feature of Cisco Nexus Dashboard could allow an...
Moderate | Unreviewed | CVE-2026-20042 was published Apr 1, 2026

Apache Airflow Provider for Databricks: TLS Certificate Verification is Disabled in Databricks Provider K8s Token Exchange
Moderate | CVE-2026-32794 was published for apache-airflow (pip) Mar 31, 2026

UniFi Network Controller before version 5.10.22 and 5.11.x before 5.11.18 contains an improper...
High | Unreviewed | CVE-2019-25652 was published Mar 28, 2026

Wazuh provisioning scripts and Dockerfiles contain an insecure transport vulnerability where curl...
Moderate | Unreviewed | CVE-2025-15612 was published Mar 27, 2026

cryptography has incomplete DNS name constraint enforcement on peer names
Low | CVE-2026-34073 was published for cryptography (pip) Mar 27, 2026

Incus does not verify combined fingerprint when downloading images from simplestreams servers
High | CVE-2026-33542 was published for github.com/lxc/incus/v6/client (Go) Mar 27, 2026

Forge has a basicConstraints bypass in its certificate chain verification (RFC 5280 violation)
High | CVE-2026-33896 was published for node-forge (npm) Mar 26, 2026

NATS has mTLS verify_and_map authentication bypass via incorrect Subject DN matching
Moderate | CVE-2026-33248 was published for github.com/nats-io/nats-server (Go) Mar 24, 2026

CRL Distribution Point Scope Check Logic Error in AWS-LC
High | GHSA-9f94-5g5w-gf6r was published for aws-lc-fips-sys (Rust) Mar 20, 2026

AWS-LC X.509 Name Constraints Bypass via Wildcard/Unicode CN
High | GHSA-394x-vwmw-crm3 was published for aws-lc-sys (Rust) Mar 20, 2026

Improper certificate validation in the PAM propagation WinRM connections allows a network...
High | Unreviewed | CVE-2026-4434 was published Mar 20, 2026

step-ca has Unauthenticated Certificate Issuance via SCEP UpdateReq (MessageType=18)
Critical | CVE-2026-30836 was published for github.com/smallstep/certificates (Go) Mar 19, 2026