Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
55
GitHub Actions
50
Go
3,722
Maven
5,000+
npm
5,000+
NuGet
935
pip
4,946
Pub
13
RubyGems
1,055
Rust
1,338
Swift
54
Unreviewed advisories
All unreviewed
5,000+

150 advisories

Loading
A logging issue was addressed with improved data redaction. This issue is fixed in iOS 18.7.8 and... Moderate Unreviewed
CVE-2026-28950 was published Apr 22, 2026
LangSmith SDK: Streaming token events bypass output redaction Moderate
CVE-2026-41182 was published for langsmith (npm) Apr 16, 2026
Ryu7zz Credited to Ryu7zz
Information disclosure in the Form Autofill component. This vulnerability was fixed in Firefox... Moderate Unreviewed
CVE-2026-6765 was published Apr 21, 2026
Exposure of Private Personal Information to an Unauthorized Actor, : Exposure of Sensitive System... Critical Unreviewed
CVE-2025-15623 was published Apr 17, 2026
The Contact Form 7 – Dynamic Text Extension plugin for WordPress is vulnerable to Insecure Direct... Moderate Unreviewed
CVE-2023-6630 was published Jan 11, 2024
The HT Event – WordPress Event Manager Plugin for Elementor plugin for WordPress is vulnerable to... Moderate Unreviewed
CVE-2024-13216 was published Jan 31, 2025
The Author Box, Guest Author and Co-Authors for Your Posts – Molongui plugin for WordPress is... Moderate Unreviewed
CVE-2023-7014 was published Feb 6, 2024
The Beaver Themer plugin for WordPress is vulnerable to Sensitive Information Exposure in all... Moderate Unreviewed
CVE-2023-6695 was published Apr 9, 2024
A privacy issue was addressed with improved private data redaction for log entries. This issue is... Moderate Unreviewed
CVE-2024-40796 was published Jul 30, 2024
A privacy issue was addressed with improved private data redaction for log entries. This issue is... Moderate Unreviewed
CVE-2024-27881 was published Jul 30, 2024
This issue was addressed with improvements to the noise injection algorithm. This issue is fixed... Moderate Unreviewed
CVE-2024-27850 was published Jun 10, 2024
A privacy issue was addressed with improved handling of user preferences. This issue is fixed in... Low Unreviewed
CVE-2024-23211 was published Jan 23, 2024
Keycloak: Information disclosure of disabled user attributes via administrative endpoint Low
CVE-2026-3911 was published for org.keycloak:keycloak-services (Maven) Mar 11, 2026
Sensitive information disclosure due to excessive collection of system information. The following... Low Unreviewed
CVE-2023-48680 was published Feb 27, 2024
A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. Since... Low Unreviewed
CVE-2025-66605 was published Feb 9, 2026
An information disclosure vulnerability in M-Files Server before versions 25.12.15491.7, 25.8 LTS... High Unreviewed
CVE-2025-13008 was published Dec 19, 2025
Exposure of Private Personal Information to an Unauthorized Actor vulnerability in RTI Connext... High Unreviewed
CVE-2025-10450 was published Dec 16, 2025
Under specific conditions, a malicious webpage may trigger autofill population after two... Low Unreviewed
CVE-2026-0102 was published Feb 17, 2026
AVideo Platform 8.1 contains an information disclosure vulnerability that allows attackers to... High Unreviewed
CVE-2020-37173 was published Feb 11, 2026
SAP Commerce Cloud exposes multiple API endpoints to unauthenticated users, allowing them to... Moderate Unreviewed
CVE-2026-24321 was published Feb 10, 2026
Apache Answer Exposure of Private Personal Information to an Unauthorized Actor vulnerability Moderate
CVE-2026-24735 was published for github.com/apache/answer (Go) Feb 4, 2026
In mObywatel iOS application an unauthorized user can use the App Switcher to view the account... Low Unreviewed
CVE-2025-11598 was published Feb 3, 2026
In Crazy Bubble Tea mobile application authenticated attacker can obtain personal information... High Unreviewed
CVE-2025-14317 was published Jan 14, 2026
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 10.3 before 18.5.5, 18... Low Unreviewed
CVE-2025-3950 was published Jan 9, 2026
Saleor: Customers' addresses leak when using Warehouse as a `Pickup: Local stock only` delivery method Moderate
CVE-2024-29888 was published for saleor (pip) Mar 28, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database