GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 55
GitHub Actions: 50
Go: 3,722
Maven: 5,000+
npm: 5,000+
NuGet: 935
pip: 4,946
Pub: 13
RubyGems: 1,055
Rust: 1,338
Swift: 54
Unreviewed advisories
All unreviewed: 5,000+
280 advisories
HCL BigFix Service Management (SM) does not adequately sanitize or safely render spreadsheet...
Moderate | Unreviewed | CVE-2025-31978 was published May 6, 2026

Axios: XSRF Token Cross-Origin Leakage via Prototype Pollution Gadget in `withXSRFToken` Boolean Coercion
Moderate | CVE-2026-42042 was published for axios (npm) May 5, 2026

Traefik's errors middleware forwards Authorization and Cookie headers to separate error page service
Moderate | CVE-2026-41181 was published for github.com/traefik/traefik/v2 (Go) May 4, 2026

Insertion of Sensitive Information Into Sent Data vulnerability in WPDeveloper Templately allows...
High | Unreviewed | CVE-2026-42379 was published Apr 27, 2026

An improper authorization vulnerability was identified in GitHub Enterprise Server that allowed...
Moderate | Unreviewed | CVE-2026-5512 was published Apr 22, 2026

Tekton Pipelines: Git resolver API mode leaks system-configured API token to user-controlled serverURL
High | CVE-2026-40161 was published for github.com/tektoncd/pipeline (Go) Apr 21, 2026

HashiCorp Vault May Expose Tokens to Auth Plugins Due to Incorrect Header Sanitization
High | CVE-2026-4525 was published for github.com/hashicorp/vault (Go) Apr 17, 2026

A flaw was found in odh-dashboard in Red Hat Openshift AI. This vulnerability in the `odh...
High | Unreviewed | CVE-2026-5483 was published Apr 10, 2026

V2Board 1.6.1 through 1.7.4 and Xboard through 0.1.9 expose authentication tokens in HTTP...
Critical | Unreviewed | CVE-2026-39912 was published Apr 9, 2026

Insertion of Sensitive Information Into Sent Data vulnerability in stmcan RT-Theme 18 |...
Moderate | Unreviewed | CVE-2026-39711 was published Apr 8, 2026

Insertion of Sensitive Information Into Sent Data vulnerability in thetechtribe The Tribal the...
Moderate | Unreviewed | CVE-2026-39709 was published Apr 8, 2026

Insertion of Sensitive Information Into Sent Data vulnerability in Ateeq Rafeeq RepairBuddy...
Moderate | Unreviewed | CVE-2026-39586 was published Apr 8, 2026

Insertion of Sensitive Information Into Sent Data vulnerability in AA Web Servant 12 Step Meeting...
Moderate | Unreviewed | CVE-2026-39570 was published Apr 8, 2026

Insertion of Sensitive Information Into Sent Data vulnerability in Doofinder Doofinder for...
Moderate | Unreviewed | CVE-2026-39542 was published Apr 8, 2026

Insertion of Sensitive Information Into Sent Data vulnerability in sunshinephotocart Sunshine...
Moderate | Unreviewed | CVE-2026-39564 was published Apr 8, 2026

Insertion of Sensitive Information Into Sent Data vulnerability in Pär Thernström Simple History...
Moderate | Unreviewed | CVE-2026-39473 was published Apr 8, 2026

openssl-encrypt's readiness endpoint leaks database error details to unauthenticated callers
Moderate | GHSA-2vhw-q7vh-7xv2 was published for openssl-encrypt (pip) Apr 1, 2026

A vulnerability in the web interface of Cisco Smart Software Manager On-Prem (SSM On-Prem) could...
High | Unreviewed | CVE-2026-20151 was published Apr 1, 2026

Exposure of sensitive information in the users MFA feature in Devolutions Server allows users...
Moderate | Unreviewed | CVE-2026-4927 was published Apr 1, 2026

Happy DOM's fetch credentials include uses page-origin cookies instead of target-origin cookies
High | CVE-2026-34226 was published for happy-dom (npm) Mar 29, 2026

Insertion of Sensitive Information Into Sent Data vulnerability in Noor Alam SMTP Mailer smtp...
High | Unreviewed | CVE-2026-32538 was published Mar 25, 2026

Insertion of Sensitive Information Into Sent Data vulnerability in Syed Balkhi Contact Form by...
Moderate | Unreviewed | CVE-2026-25339 was published Mar 25, 2026

lz4_flex's decompression can leak information from uninitialized memory or reused output buffer
High | CVE-2026-32829 was published for lz4_flex (Rust) Mar 16, 2026

Mattermost fails to preserve the redacted state of burn-on-read posts during deletion
Moderate | CVE-2026-2578 was published for github.com/mattermost/mattermost-server (Go) Mar 16, 2026

Tinycontrol devices such as tcPDU and LAN Controllers LK3.5, LK3.9 and LK4 have two separate...
High | Unreviewed | CVE-2025-11500 was published Mar 16, 2026
ProTip! Advisories are also available from the GraphQL API.