GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
51 advisories
Improper Validation of Certificate with Host Mismatch vulnerability in Apache Thrift.
This issue...
High
Unreviewed
CVE-2026-43869
was published
May 5, 2026
Improper Validation of Certificate with Host Mismatch vulnerability in Apache Thrift.
This issue...
High
Unreviewed
CVE-2026-41603
was published
Apr 28, 2026
Spring Security Vulnerable to Unauthorized User Impersonation when Using X.509 Client Certificates
Moderate
CVE-2026-22747
was published
for
org.springframework.security:spring-security-web
(Maven)
Apr 22, 2026
Apache Log4j Core: `verifyHostName` attribute silently ignored in TLS configuration
Moderate
CVE-2026-34477
was published
for
org.apache.logging.log4j:log4j-core
(Maven)
Apr 10, 2026
Apache ZooKeeper: Reverse-DNS fallback enables hostname verification bypass in ZooKeeper ZKTrustManager
High
CVE-2026-24281
was published
for
org.apache.zookeeper:zookeeper
(Maven)
Mar 7, 2026
Apache Ranger Vulnerable to Improper Validation of Certificate with Host Mismatch
Moderate
CVE-2025-59060
was published
for
org.apache.ranger:ranger-nifi-registry-plugin
(Maven)
Mar 3, 2026
Galaxy FDS Android SDK (XiaoMi/galaxy-fds-sdk-android) version 3.0.8 and prior disable TLS...
Critical
Unreviewed
CVE-2026-26214
was published
Feb 12, 2026
When doing SSH-based transfers using either SCP or SFTP, and setting the known_hosts file,...
Moderate
Unreviewed
CVE-2025-15079
was published
Jan 8, 2026
The Uniffle HTTP client is configured to trust all SSL certificates and disables hostname...
Critical
Unreviewed
CVE-2025-68637
was published
Jan 7, 2026
Apache Log4j does not verify the TLS hostname in its Socket Appender
Moderate
CVE-2025-68161
was published
for
org.apache.logging.log4j:log4j-core
(Maven)
Dec 18, 2025
An Improper Validation of Certificate with Host Mismatch vulnerability [CWE-297] in FortiProxy...
High
Unreviewed
CVE-2025-25253
was published
Oct 14, 2025
An issue was discovered in the methods push.lite.avtech.com.AvtechLib.GetHttpsResponse and push...
Critical
Unreviewed
CVE-2025-46408
was published
Sep 15, 2025
Improper Validation of Certificate with Host Mismatch vulnerability in HotelRunner B2B allows...
Moderate
Unreviewed
CVE-2025-4295
was published
Jul 22, 2025
Couchbase .NET SDK (client library) does not properly enable hostname verification for TLS certificates
Moderate
CVE-2025-49015
was published
for
CouchbaseNetClient
(NuGet)
Jun 18, 2025
An improper validation of certificate with host mismatch in Fortinet FortiClientWindows version 7...
Moderate
Unreviewed
CVE-2024-54019
was published
Jun 10, 2025
JRuby-OpenSSL has hostname verification disabled by default
Moderate
CVE-2025-46551
was published
for
jruby-openssl
(RubyGems)
May 7, 2025
Keycloak hostname verification
High
CVE-2025-3501
was published
for
org.keycloak:keycloak-services
(Maven)
Apr 30, 2025
Duplicate Advisory: Keycloak hostname verification
High
GHSA-r934-w73g-v4p8
was published
for
org.keycloak:keycloak-services
(Maven)
Apr 29, 2025 • withdrawn
In JetBrains Toolbox App before 2.6 host key verification was missing in SSH plugin
Moderate
Unreviewed
CVE-2025-42921
was published
Apr 17, 2025
The mobile application (com.transsnet.store) has a man-in-the-middle attack vulnerability, which...
High
Unreviewed
CVE-2025-2190
was published
Mar 11, 2025
IBM OpenPages with Watson 8.3 and 9.0 could allow a remote attacker to spoof mail server...
Moderate
Unreviewed
CVE-2024-49782
was published
Feb 20, 2025
IBM Storage Defender 2.0.0 through 2.0.7 on-prem defender-sensor-cmd CLI does not validate server...
Moderate
Unreviewed
CVE-2024-38324
was published
Sep 25, 2024
Host name validation for TLS certificates is bypassed when the installed OpenEdge default...
High
Unreviewed
CVE-2024-7346
was published
Sep 3, 2024
Missing hostname validation in Kroxylicious
Moderate
CVE-2024-8285
was published
for
io.kroxylicious:kroxylicious-runtime
(Maven)
Aug 31, 2024
An issue was discovered in Ada Web Server 20.0. When configured to use SSL (which is not the...
High
Unreviewed
CVE-2024-37015
was published
Aug 13, 2024