Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
55
GitHub Actions
50
Go
3,722
Maven
5,000+
npm
5,000+
NuGet
935
pip
4,946
Pub
13
RubyGems
1,055
Rust
1,338
Swift
54
Unreviewed advisories
All unreviewed
5,000+

150 advisories

Loading
A logging issue was addressed with improved data redaction. This issue is fixed in iOS 18.7.8 and... Moderate Unreviewed
CVE-2026-28950 was published Apr 22, 2026
Information disclosure in the Form Autofill component. This vulnerability was fixed in Firefox... Moderate Unreviewed
CVE-2026-6765 was published Apr 21, 2026
Exposure of Private Personal Information to an Unauthorized Actor, : Exposure of Sensitive System... Critical Unreviewed
CVE-2025-15623 was published Apr 17, 2026
LangSmith SDK: Streaming token events bypass output redaction Moderate
CVE-2026-41182 was published for langsmith (npm) Apr 16, 2026
Ryu7zz Credited to Ryu7zz
Keycloak: Information disclosure of disabled user attributes via administrative endpoint Low
CVE-2026-3911 was published for org.keycloak:keycloak-services (Maven) Mar 11, 2026
Under specific conditions, a malicious webpage may trigger autofill population after two... Low Unreviewed
CVE-2026-0102 was published Feb 17, 2026
AVideo Platform 8.1 contains an information disclosure vulnerability that allows attackers to... High Unreviewed
CVE-2020-37173 was published Feb 11, 2026
SAP Commerce Cloud exposes multiple API endpoints to unauthenticated users, allowing them to... Moderate Unreviewed
CVE-2026-24321 was published Feb 10, 2026
A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. Since... Low Unreviewed
CVE-2025-66605 was published Feb 9, 2026
Apache Answer Exposure of Private Personal Information to an Unauthorized Actor vulnerability Moderate
CVE-2026-24735 was published for github.com/apache/answer (Go) Feb 4, 2026
In mObywatel iOS application an unauthorized user can use the App Switcher to view the account... Low Unreviewed
CVE-2025-11598 was published Feb 3, 2026
In Crazy Bubble Tea mobile application authenticated attacker can obtain personal information... High Unreviewed
CVE-2025-14317 was published Jan 14, 2026
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 10.3 before 18.5.5, 18... Low Unreviewed
CVE-2025-3950 was published Jan 9, 2026
Gitea: anonymous user can visit private user's project Moderate
CVE-2025-68945 was published for code.gitea.io/gitea (Go) Dec 26, 2025
An issue was discovered in Xiongmai XM530 IP cameras on firmware V5.00.R02.000807D8.10010.346624... High Unreviewed
CVE-2025-65857 was published Dec 23, 2025
An information disclosure vulnerability in M-Files Server before versions 25.12.15491.7, 25.8 LTS... High Unreviewed
CVE-2025-13008 was published Dec 19, 2025
Exposure of Private Personal Information to an Unauthorized Actor vulnerability in Utarit... High Unreviewed
CVE-2025-1030 was published Dec 18, 2025
AVideo versions prior to 20.0 expose sensitive user information through an unauthenticated public... Moderate Unreviewed
CVE-2025-34441 was published Dec 17, 2025
Exposure of Private Personal Information to an Unauthorized Actor vulnerability in RTI Connext... High Unreviewed
CVE-2025-10450 was published Dec 16, 2025
The Brizy – Page Builder plugin for WordPress is vulnerable to Sensitive Information Exposure in... Moderate Unreviewed
CVE-2025-0969 was published Dec 13, 2025
Angular is Vulnerable to XSRF Token Leakage via Protocol-Relative URLs in Angular HTTP Client High
CVE-2025-66035 was published for @angular/common (npm) Nov 26, 2025
alan-agius4 Credited to alan-agius4, AndrewKushnir, irsl, hybrist, and AKiileX AndrewKushnir AndrewKushnir
irsl irsl hybrist hybrist AKiileX AKiileX
The SureForms plugin for WordPress is vulnerable to Sensitive Information Exposure in all... Moderate Unreviewed
CVE-2025-12536 was published Nov 13, 2025
Files or Directories Accessible to External Parties, Exposure of Private Personal Information to... High Unreviewed
CVE-2025-11959 was published Nov 11, 2025
IBM Db2 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9, and 12.1.0 through 12.1.3 for Linux, UNIX... Moderate Unreviewed
CVE-2025-36131 was published Nov 7, 2025
HCL BigFix Query is affected by a sensitive information disclosure in the WebUI Query application... Moderate Unreviewed
CVE-2025-52602 was published Nov 5, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database