Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

Filter advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
73
GitHub Actions
53
Go
4,004
Maven
5,000+
npm
5,000+
NuGet
974
pip
5,000+
Pub
13
RubyGems
1,069
Rust
1,395
Swift
61
Unreviewed advisories
All unreviewed
5,000+

32 advisories

Loading
nebula-mesh: POST /api/v1/hosts/{id}/mobile-bundle response lacks Cache-Control: no-store Low
GHSA-6vgg-xhvh-38ff was published for github.com/juev/nebula-mesh (Go) Jun 12, 2026
ak2k Credited to ak2k
A vulnerability has been identified in RUGGEDCOM RST2428P (6GK6242-6PA00) (All versions < V4.0).... Moderate Unreviewed
CVE-2026-41918 was published Jun 2, 2026
Astro: Cache Poisoning due to incorrect error handling when if-match header is malformed Moderate
CVE-2026-41322 was published for @astrojs/node (npm) Apr 23, 2026
dnlbln Credited to dnlbln, matthewp, and ematipico matthewp matthewp
ematipico ematipico
Browser caching of LAPS passwords in Truesec’s LAPSWebUI before version 2.4 allows an attacker... Moderate Unreviewed
CVE-2025-15554 was published Mar 16, 2026
IBM DevOps Plan 3.0.0 through 3.0.5 allows web page cache to be stored locally which can be read... Moderate Unreviewed
CVE-2025-36364 was published Mar 3, 2026
Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.19(5037) serve sensitive... Moderate Unreviewed
CVE-2026-24437 was published Jan 26, 2026
HCL AION version 2 is affected by a Cacheable HTTP Response vulnerability. This may lead to... Low Unreviewed
CVE-2025-52659 was published Jan 19, 2026
Drupal core allows Exploiting Incorrectly Configured Access Control Security Levels Low
CVE-2025-13083 was published for drupal/core (Composer) Nov 18, 2025
Liferay Portal and DXP use an incorrect cache-control header Moderate
CVE-2025-62276 was published for com.liferay.portal:com.liferay.portal.impl (Maven) Nov 1, 2025
A vulnerability  Cacheable SSL Page Found vulnerability has been identified in HCL AION.  ... Low Unreviewed
CVE-2025-52625 was published Oct 10, 2025
IBM OpenPages 9.0 and 9.1 allows web page cache to be stored locally which can be read by another... Moderate Unreviewed
CVE-2025-36082 was published Sep 15, 2025
Better Call routing bug can lead to Cache Deception Moderate
GHSA-hq75-xg7r-rx6c was published for better-call (npm) Jul 11, 2025
mwlik Credited to mwlik
IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.6 and 6.2.0.0... Moderate Unreviewed
CVE-2025-1348 was published Jun 18, 2025
NextJS-Auth0 SDK Vulnerable to CDN Caching of Session Cookies High
CVE-2025-48947 was published for @auth0/nextjs-auth0 (npm) Jun 4, 2025
IBM QRadar Suite Software 1.10.12.0 through 1.11.2.0 and IBM Cloud Pak for Security 1.10.0.0... Moderate Unreviewed
CVE-2025-1334 was published Jun 3, 2025
Information Exposure vulnerability in Hitachi JP1/IT Desktop Management 2 - Smart Device Manager... Low Unreviewed
CVE-2025-27525 was published May 15, 2025
IBM Sterling Control Center 6.2.1, 6.3.1, and 6.4.0 allows web pages to be stored locally which... Moderate Unreviewed
CVE-2023-43035 was published Apr 10, 2025
IBM Automation Decision Services 23.0.2 allows web pages to be stored locally which can be read... Moderate Unreviewed
CVE-2024-31906 was published Jan 26, 2025
IBM DevOps Velocity 5.0.0 and IBM UrbanCode Velocity 4.0.0 through 4.0. 25 allows web pages to be... Moderate Unreviewed
CVE-2024-22349 was published Jan 20, 2025
Flask-AppBuilder's login form allows browser to cache sensitive fields Moderate
CVE-2024-45314 was published for flask-appbuilder (pip) Sep 4, 2024
HCL Nomad server on Domino is vulnerable to the cache containing sensitive information which... Low Unreviewed
CVE-2024-30130 was published Jul 19, 2024
IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.11.0 and IBM QRadar Software Suite 1.10... Moderate Unreviewed
CVE-2022-38383 was published Jun 29, 2024
Apache Airflow does not return the "Cache-Control" header for dynamic content Low
CVE-2024-25142 was published for apache-airflow (pip) Jun 14, 2024
IBM Maximo Asset Management 7.6.1.3 and IBM Maximo Application Suite 8.10 and 8.11 allows web... Moderate Unreviewed
CVE-2024-22333 was published Jun 13, 2024
IBM TXSeries for Multiplatforms 8.2 allows web pages to be stored locally which can be read by... Moderate Unreviewed
CVE-2024-22343 was published May 14, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database