GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 73
GitHub Actions: 53
Go: 4,004
Maven: 5,000+
npm: 5,000+
NuGet: 974
pip: 5,000+
Pub: 13
RubyGems: 1,069
Rust: 1,395
Swift: 61
Unreviewed advisories
All unreviewed: 5,000+
1,061 advisories
A logging issue was addressed with improved data redaction. This issue is fixed in macOS Tahoe 26...
Moderate | Unreviewed | CVE-2025-46313 was published Jun 11, 2026
An information exposure vulnerability in the Palo Alto Networks GlobalProtect app on macOS...
Moderate | Unreviewed | CVE-2026-0267 was published Jun 11, 2026
nebula-mesh: Newly-minted operator API key exposed in redirect URL (Referer, history, proxy logs)
Moderate | CVE-2026-47768 was published for github.com/juev/nebula-mesh (Go) Jun 10, 2026
The ldapQueryPassword parameter, when set through the runtime setParameter command, will log the...
Moderate | Unreviewed | CVE-2026-9751 was published Jun 10, 2026
MongoDB server may log authentication parameters, including credentials, to the server log during...
Moderate | Unreviewed | CVE-2026-9735 was published Jun 10, 2026
System log files output unencrypted SMTP server authentication passwords alongside sensitive...
High | Unreviewed | CVE-2026-50205 was published Jun 4, 2026
A high security vulnerability affecting Security Center main server installations has been...
High | Unreviewed | CVE-2026-40619 was published Jun 2, 2026
Admidio writes session IDs and auto-login cookie values to application logs
Moderate | CVE-2026-47234 was published for admidio/admidio (Composer) May 29, 2026
The acer_cgi.log file in the device firmware is accessible without authentication via the web...
Critical | Unreviewed | CVE-2026-49200 was published May 29, 2026
In Calico, the install-cni init container logs the rendered CNI configuration to standard output....
Moderate | Unreviewed | CVE-2026-41184 was published May 28, 2026
When calicoctl is invoked with --log-level=info or --log-level=debug, the client prints the full...
High | Unreviewed | CVE-2026-6720 was published May 28, 2026
When Calico is configured with the Azure IPAM plugin, the Calico CNI binary mutates the incoming...
Moderate | Unreviewed | CVE-2026-41185 was published May 28, 2026
OpenBao's Inline Auth Incorrectly Redacted Headers
Moderate | CVE-2026-46358 was published for github.com/openbao/openbao (Go) May 28, 2026
This vulnerability in Veeam Agent for Microsoft Windows allows for Local Privilege Escalation.
High | Unreviewed | CVE-2026-32996 was published May 28, 2026
IBM App Connect Enterprise 13.0.1.0 through 13.0.7.0 stores potentially sensitive information in...
Moderate | Unreviewed | CVE-2026-5515 was published May 27, 2026
IBM MQ Operator SC2: v3.2.0 through 3.2.23 CD: v3.3.0, v3.4.0, v3.4.1, v3.5.0, v3.5.1 - v3.5.3,...
Moderate | Unreviewed | CVE-2026-2607 was published May 27, 2026
IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 for Linux, UNIX and Windows (includes...
Moderate | Unreviewed | CVE-2025-13755 was published May 26, 2026
Insertion of Sensitive Information into Log File (CWE-532) in some Command Centre Service...
High | Unreviewed | CVE-2026-25193 was published May 26, 2026
Dell VxRail versions before 7.0.200 contain a Plain-text Password Storage Vulnerability in VxRail...
Moderate | Unreviewed | CVE-2021-21508 was published May 26, 2026
Insertion of sensitive information into log file vulnerability in syslink software AG Avantra on...
High | Unreviewed | CVE-2026-8671 was published May 26, 2026
Netatalk 2.1.0 through 4.4.2 inserts LDAP simple-bind passwords into log output in cleartext,...
High | Unreviewed | CVE-2026-44052 was published May 21, 2026
In Splunk Enterprise versions below 10.2.2 and 10.0.5, and Splunk Cloud Platform versions below...
High | Unreviewed | CVE-2026-20239 was published May 20, 2026
Setup PHP: GitHub tokens configured by setup-php may be exposed through pinned affected Composer versions
Moderate | GHSA-5wxr-w449-57cm was published for shivammathur/setup-php (GitHub Actions) May 20, 2026
fabric-chaincode-java: TLS Private Key Password Disclosed in INFO Startup Logs in Chaincode-as-a-Service Mode
Moderate | CVE-2026-45581 was published for org.hyperledger.fabric-chaincode-java:fabric-chaincode-shim (Maven) May 19, 2026
OpenTelemetry eBPF Instrumentation: Redis error text is exported in span status messages
Moderate | CVE-2026-45679 was published for go.opentelemetry.io/obi (Go) May 18, 2026
ProTip! Advisories are also available from the GraphQL API