GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
45 advisories
Galaxy FDS Android SDK (XiaoMi/galaxy-fds-sdk-android) version 3.0.8 and prior disable TLS...
Critical • Unreviewed • CVE-2026-26214 was published Feb 12, 2026
When doing SSH-based transfers using either SCP or SFTP, and setting the known_hosts file,...
Moderate • Unreviewed • CVE-2025-15079 was published Jan 8, 2026
The Uniffle HTTP client is configured to trust all SSL certificates and disables hostname...
Critical • Unreviewed • CVE-2025-68637 was published Jan 7, 2026
Apache Log4j does not verify the TLS hostname in its Socket Appender
Moderate • CVE-2025-68161 was published for org.apache.logging.log4j:log4j-core (Maven) Dec 18, 2025
An Improper Validation of Certificate with Host Mismatch vulnerability [CWE-297] in FortiProxy...
High • Unreviewed • CVE-2025-25253 was published Oct 14, 2025
An issue was discovered in the methods push.lite.avtech.com.AvtechLib.GetHttpsResponse and push...
Critical • Unreviewed • CVE-2025-46408 was published Sep 15, 2025
Improper Validation of Certificate with Host Mismatch vulnerability in HotelRunner B2B allows...
Moderate • Unreviewed • CVE-2025-4295 was published Jul 22, 2025
Couchbase .NET SDK (client library) does not properly enable hostname verification for TLS certificates
Moderate • CVE-2025-49015 was published for CouchbaseNetClient (NuGet) Jun 18, 2025
An improper validation of certificate with host mismatch in Fortinet FortiClientWindows version 7...
Moderate • Unreviewed • CVE-2024-54019 was published Jun 10, 2025
JRuby-OpenSSL has hostname verification disabled by default
Moderate • CVE-2025-46551 was published for jruby-openssl (RubyGems) May 7, 2025
Keycloak hostname verification
High • CVE-2025-3501 was published for org.keycloak:keycloak-services (Maven) Apr 30, 2025
Duplicate Advisory: Keycloak hostname verification
High • GHSA-r934-w73g-v4p8 was published for org.keycloak:keycloak-services (Maven) Apr 29, 2025 • withdrawn
In JetBrains Toolbox App before 2.6 host key verification was missing in SSH plugin
Moderate • Unreviewed • CVE-2025-42921 was published Apr 17, 2025
The mobile application (com.transsnet.store) has a man-in-the-middle attack vulnerability, which...
High • Unreviewed • CVE-2025-2190 was published Mar 11, 2025
IBM OpenPages with Watson 8.3 and 9.0 could allow a remote attacker to spoof mail server...
Moderate • Unreviewed • CVE-2024-49782 was published Feb 20, 2025
IBM Storage Defender 2.0.0 through 2.0.7 on-prem defender-sensor-cmd CLI does not validate server...
Moderate • Unreviewed • CVE-2024-38324 was published Sep 25, 2024
Host name validation for TLS certificates is bypassed when the installed OpenEdge default...
High • Unreviewed • CVE-2024-7346 was published Sep 3, 2024
Missing hostname validation in Kroxylicious
Moderate • CVE-2024-8285 was published for io.kroxylicious:kroxylicious-runtime (Maven) Aug 31, 2024
An issue was discovered in Ada Web Server 20.0. When configured to use SSL (which is not the...
High • Unreviewed • CVE-2024-37015 was published Aug 13, 2024
casdoor's use of `ssh.InsecureIgnoreHostKey()` disables host key verification
Moderate • CVE-2024-41264 was published for github.com/casdoor/casdoor (Go) Aug 1, 2024
Allow attackers to intercept or falsify data exchanges between the client and the server
Unknown • Unreviewed • CVE-2024-2462 was published Jun 11, 2024
Bouncy Castle Java Cryptography API vulnerable to DNS poisoning
Moderate • CVE-2024-34447 was published for org.bouncycastle:bcprov-jdk12 (Maven) May 3, 2024
ZITADEL's Improper Lockout Mechanism Leads to MFA Bypass
High • CVE-2024-32868 was published for github.com/zitadel/zitadel (Go) Apr 25, 2024
libcurl did not check the server certificate of TLS connections done to a host specified as an IP...
Moderate • Unreviewed • CVE-2024-2466 was published Mar 27, 2024
KEPServerEX does not properly validate certificates from clients which may allow...
High • Unreviewed • CVE-2023-5909 was published Dec 1, 2023