Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,826
Erlang
36
GitHub Actions
32
Go
2,426
Maven
5,000+
npm
4,058
NuGet
723
pip
3,848
Pub
12
RubyGems
934
Rust
1,006
Swift
38
Unreviewed advisories
All unreviewed
5,000+

541 advisories

Loading
A vulnerability in the meeting-join functionality of Cisco Webex Meetings could have allowed an... Moderate Unreviewed
CVE-2025-20215 was published Aug 6, 2025
The server identity check mechanism for firmware upgrade performed via command shell is... Moderate Unreviewed
CVE-2025-48393 was published Aug 6, 2025
Lack of TLS validation when downloading a CSV file including mapping from IPs to countries used... Moderate Unreviewed
CVE-2025-2028 was published Aug 6, 2025
Hashicorp Vault has Incorrect Validation for Non-CA Certificates Moderate
CVE-2025-6037 was published for github.com/hashicorp/vault (Go) Aug 1, 2025
IBM MQ Operator LTS 2.0.0 through 2.0.29, MQ Operator CD 3.0.0, 3.0.1, 3.1.0 through 3.1.3, 3.3.0... Moderate Unreviewed
CVE-2025-36005 was published Jul 25, 2025
The communication protocol used between client and server had a flaw that could be leveraged to... Moderate Unreviewed
CVE-2025-30024 was published Jul 11, 2025
A heap-buffer-overread vulnerability was found in GnuTLS in how it handles the Certificate... Moderate Unreviewed
CVE-2025-32989 was published Jul 10, 2025
Improper Certificate Validation (CWE-295) in the Controller 7000 OneLink implementation could... Moderate Unreviewed
CVE-2025-35983 was published Jul 10, 2025
Improper certificate validation in Windows SMB allows an authorized attacker to perform spoofing... Moderate Unreviewed
CVE-2025-48802 was published Jul 8, 2025
A vulnerability classified as critical has been found in Comodo Internet Security Premium 12.3.4... Moderate Unreviewed
CVE-2025-7095 was published Jul 7, 2025
In Yealink YMCS RPS before 2025-05-26, the certificate upload function does not properly validate... Moderate Unreviewed
CVE-2025-52919 was published Jun 22, 2025
IBM MQ Operator LTS 2.0.0 through 2.0.29, MQ Operator CD 3.0.0, 3.0.1, 3.1.0 through 3.1.3, 3.3.0... Moderate Unreviewed
CVE-2025-36041 was published Jun 15, 2025
An Improper Certificate Validation vulnerability [CWE-295] in FortiOS version 7.6.1 and below,... Moderate Unreviewed
CVE-2025-24471 was published Jun 10, 2025
libcurl supports *pinning* of the server certificate public key for HTTPS transfers. Due to an... Moderate Unreviewed
CVE-2025-5025 was published May 28, 2025
libcurl accidentally skips the certificate verification for QUIC connections when connecting to a... Moderate Unreviewed
CVE-2025-4947 was published May 28, 2025
Issue summary: Use of -addreject option with the openssl x509 application adds a trusted use... Moderate Unreviewed
CVE-2025-4575 was published May 22, 2025
IBM Security ReaQta EDR 3.12 could allow an attacker to perform unauthorized actions due to... Moderate Unreviewed
CVE-2024-45641 was published May 20, 2025
IBM Security ReaQta EDR 3.12 could allow an attacker to spoof a trusted entity by interfering... Moderate Unreviewed
CVE-2023-33861 was published May 20, 2025
Samsung Internet for Galaxy Watch version 5.0.9, available up until Samsung Galaxy Watch 3, does... Moderate Unreviewed
CVE-2025-32407 was published May 16, 2025
A vulnerability in certificate validation processing of Cisco Catalyst SD-WAN Manager, formerly... Moderate Unreviewed
CVE-2025-20157 was published May 7, 2025
JRuby-OpenSSL has hostname verification disabled by default Moderate
CVE-2025-46551 was published for org.jruby:jruby (Maven) May 7, 2025
mohamedhafez
IBM i 7.2, 7.3, 7.4, 7.5, and 7.6 is vulnerable to authentication and authorization attacks due... Moderate Unreviewed
CVE-2025-3218 was published May 7, 2025
Improper certificate validation in Logstash's TCP output could lead to a man-in-the-middle (MitM)... Moderate Unreviewed
CVE-2025-37730 was published May 6, 2025
In Modem, there is a possible permission bypass due to improper certificate validation. This... Moderate Unreviewed
CVE-2025-20670 was published May 5, 2025
Fleet doesn’t validate a server’s certificate when connecting through SSH Moderate
CVE-2025-23390 was published for github.com/rancher/fleet (Go) Apr 25, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database