Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
41
GitHub Actions
42
Go
3,130
Maven
5,000+
npm
5,000+
NuGet
830
pip
4,436
Pub
12
RubyGems
988
Rust
1,172
Swift
50
Unreviewed advisories
All unreviewed
5,000+

451 advisories

Loading
parse-server: Malformed `$regex` query leaks database error details in API response Moderate
CVE-2026-30835 was published for parse-server (npm) Mar 6, 2026
fancymalware Credited to fancymalware and mtrezza mtrezza mtrezza
Navtor NavBox allows information disclosure via the /api/ais-data endpoint. A remote,... Moderate Unreviewed
CVE-2026-2752 was published Mar 6, 2026
ONTAP versions 9.12.1 and higher with S3 NAS buckets are susceptible to an information disclosure... Moderate Unreviewed
CVE-2026-22052 was published Mar 5, 2026
Curio exposes database credentials to users with network access through verbose HTTP error responses High
GHSA-gj6x-q8rh-wj6x was published for github.com/filecoin-project/curio (Go) Feb 26, 2026
Apache Airflow error reporting may expose full kwargs Moderate
CVE-2025-65995 was published for apache-airflow (pip) Feb 21, 2026
OpenClaw session tool visibility hardening and Telegram webhook secret fallback Moderate
CVE-2026-27004 was published for openclaw (npm) Feb 18, 2026
aether-ai-agent Credited to aether-ai-agent
Libredesk has a SSRF Vulnerability in Webhooks Moderate
CVE-2026-26957 was published for github.com/abhinavxd/libredesk (Go) Feb 18, 2026
PlayerIUnknown Credited to PlayerIUnknown
IBM Sterling B2B Integrator versions 6.1.0.0 through 6.1.2.7_2, 6.2.0.0 through 6.2.0.5, and 6.2... Moderate Unreviewed
CVE-2025-36348 was published Feb 18, 2026
Vulnerabilities in the API error handling of an HPE Aruba Networking 5G Core server API could... Moderate Unreviewed
CVE-2026-23598 was published Feb 17, 2026
A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. Detailed... Moderate Unreviewed
CVE-2025-66594 was published Feb 9, 2026
IBM Cloud Pak System displays sensitive information in user messages that could aid in further... Moderate Unreviewed
CVE-2023-38010 was published Feb 4, 2026
IBM Cloud Pak System is vulnerable to cross-site scripting. This vulnerability allows users to... Moderate Unreviewed
CVE-2023-38017 was published Feb 4, 2026
IBM Cloud Pak System does not set the secure attribute on authorization tokens or session cookies... Moderate Unreviewed
CVE-2023-38281 was published Feb 4, 2026
A vulnerability in update-reports-purge-settings.sh script logging for Brocade SANnav before 2.4... High Unreviewed
CVE-2025-12773 was published Feb 3, 2026
Generation of Error Message Containing Sensitive Information vulnerability in Codriapp Innovation... High Unreviewed
CVE-2025-1395 was published Jan 30, 2026
A vulnerability in the PHP backend of gemscms.aptsys.com.sg thru 2025-05-28 allows... Moderate Unreviewed
CVE-2025-52023 was published Jan 23, 2026
A vulnerability in the PHP backend of gemsloyalty.aptsys.com.sg thru 2025-05-28 allows... Moderate Unreviewed
CVE-2025-52022 was published Jan 23, 2026
HCL AION version 2 is affected by a Technical Error Disclosure vulnerability. This can expose... Low Unreviewed
CVE-2025-55250 was published Jan 19, 2026
The Fancy Product Designer plugin for WordPress is vulnerable to Full Path Disclosure in all... Moderate Unreviewed
CVE-2025-15526 was published Jan 16, 2026
Certain error messages returned by the application expose internal system details that should not... Moderate Unreviewed
CVE-2026-22646 was published Jan 15, 2026
Generation of error message containing sensitive information in Windows Kernel allows an... Moderate Unreviewed
CVE-2026-20838 was published Jan 13, 2026
A generation of error message containing sensitive information vulnerability has been reported to... High Unreviewed
CVE-2025-62840 was published Jan 2, 2026
An information disclosure vulnerability in Kentico Xperience allows attackers to view sensitive... Moderate Unreviewed
CVE-2022-50686 was published Dec 18, 2025
Hitachi Vantara Pentaho Data Integration and Analytics Community Dashboard Framework prior to... Moderate Unreviewed
CVE-2025-9122 was published Dec 16, 2025
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.5 before 18.4.6, 18... Moderate Unreviewed
CVE-2025-13978 was published Dec 11, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database