GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
1,245 advisories
Apache Airflow's SMTP provider `SmtpHook` called Python's `smtplib.SMTP.starttls()` without an... [Moderate] [Unreviewed]
  CVE-2026-41016 was published Apr 30, 2026
CKAN has no certificate validation on SMTP connection [Moderate]
  CVE-2026-41132 was published for ckan (pip) Apr 29, 2026
Due to improper TLS certificate validation in the DeskTime Time Tracking App before version 1.3... [Moderate] [Unreviewed]
  CVE-2025-10539 was published Apr 28, 2026
Spring Boot's Cassandra auto-configuration does not perform hostname verification when... [Moderate] [Unreviewed]
  CVE-2026-40974 was published Apr 28, 2026
When configured to use an SSL bundle, Spring Boot's RabbitMQ auto-configuration does not perform... [Moderate] [Unreviewed]
  CVE-2026-40971 was published Apr 28, 2026
When configured to use an SSL bundle, Spring Boot's Elasticsearch auto-configuration does not... [Moderate] [Unreviewed]
  CVE-2026-40970 was published Apr 27, 2026
Improper Certificate Validation via Global SSL Context Downgrade in Apache Storm Prometheus... [Moderate] [Unreviewed]
  CVE-2026-40557 was published Apr 27, 2026
OpenBao's Certificate Authentication Allows Token Renewal With Different Certificate [Low]
  CVE-2026-39388 was published for github.com/openbao/openbao (Go) Apr 21, 2026
Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release... [High] [Unreviewed]
  CVE-2026-23776 was published Apr 17, 2026
webpki: Name constraints were accepted for certificates asserting a wildcard name [Low]
  GHSA-xgp8-3hg3-c2mh was published for rustls-webpki (Rust) Apr 16, 2026
webpki: Name constraints for URI names were incorrectly accepted [Low]
  GHSA-965h-392x-2mh5 was published for rustls-webpki (Rust) Apr 16, 2026
A vulnerability in the integration of single sign-on (SSO) with Control Hub in Cisco Webex... [Critical] [Unreviewed]
  CVE-2026-20184 was published Apr 15, 2026
Oxia's TLS CA certificate chain validation fails with multi-certificate PEM bundles [High]
  CVE-2026-40944 was published for github.com/oxia-db/oxia (Go) Apr 14, 2026
A vulnerability has been identified in Siemens Software Center (All versions < V3.5.8.2),... [Moderate] [Unreviewed]
  CVE-2025-40745 was published Apr 14, 2026
Sigstore Timestamp Authority has Improper Certificate Validation in verifier [Moderate]
  CVE-2026-39984 was published for github.com/sigstore/timestamp-authority/v2 (Go) Apr 14, 2026
A certificate validation vulnerability in Palo Alto Networks Autonomous Digital Experience... [Low] [Unreviewed]
  CVE-2026-0233 was published Apr 13, 2026
wolfSSL_X509_verify_cert in the OpenSSL compatibility layer accepts a certificate chain in which... [High] [Unreviewed]
  CVE-2026-5501 was published Apr 10, 2026
URI nameConstraints from constrained intermediate CAs are parsed but not enforced during... [High] [Unreviewed]
  CVE-2026-5263 was published Apr 10, 2026
Missing hash/digest size and OID checks allow digests smaller than allowed when verifying ECDSA... [Critical] [Unreviewed]
  CVE-2026-5194 was published Apr 9, 2026
rfc3161-client Has Improper Certificate Validation [Moderate]
  CVE-2026-33753 was published for rfc3161-client (pip) Apr 8, 2026
When verifying a certificate chain containing excluded DNS constraints, these constraints are not... [High] [Unreviewed]
  CVE-2026-33810 was published Apr 8, 2026
Validating certificate chains which use policies is unexpectedly inefficient when certificates in... [High] [Unreviewed]
  CVE-2026-32281 was published Apr 8, 2026
Open Cluster Management (OCM): Cross-cluster privilege escalation via improper Kubernetes client certificate renewal validation [High]
  CVE-2026-4740 was published for open-cluster-management.io/ocm (Go) Apr 7, 2026
Improper certificate validation in the identity provider connection components in Amazon Athena... [Critical] [Unreviewed]
  CVE-2026-35560 was published Apr 3, 2026
SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker to cause attacker... [High] [Unreviewed]
  CVE-2026-29140 was published Apr 2, 2026
ProTip! Advisories are also available from the GraphQL API.