Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

Filter advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
73
GitHub Actions
53
Go
4,029
Maven
5,000+
npm
5,000+
NuGet
976
pip
5,000+
Pub
13
RubyGems
1,070
Rust
1,404
Swift
61
Unreviewed advisories
All unreviewed
5,000+

238 advisories

Loading
Apache Cassandra has sensitive Information Leak in cqlsh Moderate
CVE-2026-27315 was published for org.apache.cassandra:cassandra-all (Maven) Apr 7, 2026
Harbor: LDAP password and OIDC secret are not redacted in the audit log Moderate
GHSA-prh4-vhfh-24mj was published for github.com/goharbor/harbor (Go) Mar 26, 2026
OpenClaw Telegram media fetch errors exposed bot tokens in logged file URLs Moderate
GHSA-xwcj-hwhf-h378 was published for openclaw (npm) Mar 16, 2026
space08 Credited to space08
OpenClaw: Pairing setup codes exposed long-lived shared gateway credentials instead of short-lived bootstrap tokens Moderate
GHSA-7h7g-x2px-94hj was published for openclaw (npm) Mar 13, 2026
lintsinghua Credited to lintsinghua and woreksami woreksami woreksami
OneUptime: Password Reset Token Logged at INFO Level Moderate
CVE-2026-32598 was published for oneuptime (npm) Mar 13, 2026
n0rv-TvT Credited to n0rv-TvT
OliveTin's email argument makes compliance harder, enables log injection Moderate
GHSA-xx6g-43w2-9g6g was published for github.com/OliveTin/OliveTin (Go) Mar 12, 2026
fg0x0 Credited to fg0x0
Apache ZooKeeper has improper handling of configuration values High
CVE-2026-24308 was published for org.apache.zookeeper:zookeeper (Maven) Mar 7, 2026
@backstage/plugin-scaffolder-backend Vulnerable to Potential Session Token Exfiltration via Log Redaction Bypass Low
CVE-2026-29184 was published for @backstage/plugin-scaffolder-backend (npm) Mar 5, 2026
Rancher Backup Operator pod's logs leak S3 tokens Moderate
CVE-2025-62879 was published for github.com/rancher/backup-restore-operator (Go) Mar 3, 2026
Curio exposes database credentials to users with network access through verbose HTTP error responses High
GHSA-gj6x-q8rh-wj6x was published for github.com/filecoin-project/curio (Go) Feb 26, 2026
Terraform Provider for Linode Debug Logs Vulnerable to Sensitive Information Exposure Moderate
CVE-2026-27900 was published for github.com/linode/terraform-provider-linode (Go) Feb 26, 2026
Apache Airflow exposes sensitive information in its log files Moderate
CVE-2025-27555 was published for apache-airflow (pip) Feb 24, 2026
unity-cli Exposes Plaintext Credentials in Debug Logs (sign-package command) Moderate
CVE-2026-25918 was published for @rage-against-the-pixel/unity-cli (npm) Feb 10, 2026
Neo4j Enterprise and Community vulnerable to a potential information disclosure Moderate
CVE-2026-1622 was published for org.neo4j:neo4j (Maven) Feb 4, 2026
RustFS Logs Sensitive Credentials in Plaintext Moderate
CVE-2026-24762 was published for rustfs (Rust) Feb 3, 2026
cchheang Credited to cchheang
vLLM has RCE In Video Processing Critical
CVE-2026-22778 was published for vllm (pip) Feb 2, 2026
dan-sec-ops Credited to dan-sec-ops, DarkLight1337, and russellb DarkLight1337 DarkLight1337
russellb russellb
Llama Stack exposes secret in initialization log Low
CVE-2026-25211 was published for llama-stack (pip) Jan 30, 2026
Apache Linkis: Password Exposure Moderate
CVE-2025-59355 was published for org.apache.linkis:linkis-metadata (Maven) Jan 19, 2026
RustFS's RPC signature verification logs shared secret Low
CVE-2026-22782 was published for rustfs (Rust) Jan 16, 2026
rand-tech Credited to rand-tech
Apache Airflow proxy credentials for various providers might leak in task logs High
CVE-2025-68675 was published for apache-airflow (pip) Jan 16, 2026
Pimcore ENV Variables and Cookie Informations are exposed in http_error_log High
CVE-2026-23493 was published for pimcore/pimcore (Composer) Jan 15, 2026
putzflorian Credited to putzflorian
hermes's raw options logging may disclose secrets passed in via subcommand options argument Moderate
CVE-2026-22798 was published for hermes (pip) Jan 13, 2026
thunze Credited to thunze, sdruskat, and zyzzyxdonta sdruskat sdruskat
zyzzyxdonta zyzzyxdonta
Mattermost Desktop App exposes sensitive information in its application logs Low
CVE-2025-13321 was published for mattermost-desktop (npm) Dec 17, 2025
Ansible Community General Collection is vulnerable to exposure of sensitive information Moderate
CVE-2025-14010 was published for ansible (pip) Dec 4, 2025
reanguiano Credited to reanguiano
Coder logs sensitive objects unsanitized High
CVE-2025-66411 was published for github.com/coder/coder/v2 (Go) Dec 3, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database