GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
490 advisories
SSL verification is disabled in the DNS Cluster system. This could allow for a malicious server...
High | Unreviewed | CVE-2026-32992 was published May 14, 2026

epa4all-client has a VAU Signature bypass
High | CVE-2026-44900 was published for com.oviva.telematik:epa4all-client (Maven) May 8, 2026

ex_webrtc client-role handshake is missing DTLS peer fingerprint validation
High | CVE-2026-44700 was published for ex_webrtc (Erlang) May 8, 2026

An Improper Certificate Validation in Ivanti EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0...
High | Unreviewed | CVE-2026-5787 was published May 7, 2026

Improper certificate validation in Ivanti EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1...
High | Unreviewed | CVE-2026-7821 was published May 7, 2026

A flaw was found in gnutls. This vulnerability occurs because permitted name constraints were...
High | Unreviewed | CVE-2026-42011 was published May 7, 2026

Harvester's SUSE Virtualization Registration Client Vulnerable to MITM and DOS
High | CVE-2025-71261 was published for github.com/harvester/harvester (Go) May 6, 2026

Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release...
High | Unreviewed | CVE-2026-23776 was published Apr 17, 2026

Oxia's TLS CA certificate chain validation fails with multi-certificate PEM bundles
High | CVE-2026-40944 was published for github.com/oxia-db/oxia (Go) Apr 14, 2026

wolfSSL_X509_verify_cert in the OpenSSL compatibility layer accepts a certificate chain in which...
High | Unreviewed | CVE-2026-5501 was published Apr 10, 2026

URI nameConstraints from constrained intermediate CAs are parsed but not enforced during...
High | Unreviewed | CVE-2026-5263 was published Apr 10, 2026

When verifying a certificate chain containing excluded DNS constraints, these constraints are not...
High | Unreviewed | CVE-2026-33810 was published Apr 8, 2026

Validating certificate chains which use policies is unexpectedly inefficient when certificates in...
High | Unreviewed | CVE-2026-32281 was published Apr 8, 2026

Open Cluster Management (OCM): Cross-cluster privilege escalation via improper Kubernetes client certificate renewal validation
High | CVE-2026-4740 was published for open-cluster-management.io/ocm (Go) Apr 7, 2026

SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker to cause attacker...
High | Unreviewed | CVE-2026-29140 was published Apr 2, 2026

UniFi Network Controller before version 5.10.22 and 5.11.x before 5.11.18 contains an improper...
High | Unreviewed | CVE-2019-25652 was published Mar 28, 2026

Incus does not verify combined fingerprint when downloading images from simplestreams servers
High | CVE-2026-33542 was published for github.com/lxc/incus/v6/client (Go) Mar 27, 2026

Forge has a basicConstraints bypass in its certificate chain verification (RFC 5280 violation)
High | CVE-2026-33896 was published for node-forge (npm) Mar 26, 2026

CRL Distribution Point Scope Check Logic Error in AWS-LC
High | GHSA-9f94-5g5w-gf6r was published for aws-lc-fips-sys (Rust) Mar 20, 2026

AWS-LC X.509 Name Constraints Bypass via Wildcard/Unicode CN
High | GHSA-394x-vwmw-crm3 was published for aws-lc-sys (Rust) Mar 20, 2026

Improper certificate validation in the PAM propagation WinRM connections allows a network...
High | Unreviewed | CVE-2026-4434 was published Mar 20, 2026

Improper certificate validation in Devolutions Hub Reporting Service 2025.3.1.1 and earlier...
High | Unreviewed | CVE-2026-4396 was published Mar 18, 2026

An improper certificate validation vulnerability was reported in the Lenovo Filez application...
High | Unreviewed | CVE-2026-2368 was published Mar 11, 2026

Taipower APP developed by Taipower has an Improper Certificate Validation vulnerability. When...
High | Unreviewed | CVE-2026-3822 was published Mar 9, 2026

Apache ZooKeeper: Reverse-DNS fallback enables hostname verification bypass in ZooKeeper ZKTrustManager
High | CVE-2026-24281 was published for org.apache.zookeeper:zookeeper (Maven) Mar 7, 2026

ProTip! Advisories are also available from the GraphQL API.