Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
46
GitHub Actions
47
Go
3,340
Maven
5,000+
npm
5,000+
NuGet
881
pip
4,549
Pub
12
RubyGems
1,012
Rust
1,202
Swift
51
Unreviewed advisories
All unreviewed
5,000+

459 advisories

Loading
Open WebUI vulnerable to Path Traversal in `POST /api/v1/audio/transcriptions` Moderate
CVE-2026-28786 was published for open-webui (pip) Mar 27, 2026
akshatgit Credited to akshatgit
IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is affected by an information... Moderate Unreviewed
CVE-2026-2484 was published Mar 25, 2026
IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is affected by an information... Moderate Unreviewed
CVE-2026-1262 was published Mar 25, 2026
HCL Traveler is affected by sensitive information disclosure.  The application generates some... Moderate Unreviewed
CVE-2026-21783 was published Mar 24, 2026
Keycloak's identity-first login flow exposes user information Low
CVE-2026-4633 was published for org.keycloak:keycloak-services (Maven) Mar 23, 2026
free5GC UDM incorrectly returns 500 for empty supi path parameter in PATCH sdm-subscriptions reques High
CVE-2026-33192 was published for github.com/free5gc/udm (Go) Mar 18, 2026
free5GC UDM incorrectly returns 500 for empty supi path parameter in DELETE sdm-subscriptions request Moderate
CVE-2026-33065 was published for github.com/free5gc/udm (Go) Mar 18, 2026
IBM Sterling Partner Engagement Manager 6.2.3.0 through 6.2.3.5 and 6.2.4.0 through 6.2.4.2 could... Moderate Unreviewed
CVE-2025-13726 was published Mar 13, 2026
parse-server: Malformed `$regex` query leaks database error details in API response Moderate
CVE-2026-30835 was published for parse-server (npm) Mar 6, 2026
fancymalware Credited to fancymalware and mtrezza mtrezza mtrezza
Navtor NavBox allows information disclosure via the /api/ais-data endpoint. A remote,... Moderate Unreviewed
CVE-2026-2752 was published Mar 6, 2026
ONTAP versions 9.12.1 and higher with S3 NAS buckets are susceptible to an information disclosure... Moderate Unreviewed
CVE-2026-22052 was published Mar 5, 2026
Curio exposes database credentials to users with network access through verbose HTTP error responses High
GHSA-gj6x-q8rh-wj6x was published for github.com/filecoin-project/curio (Go) Feb 26, 2026
Apache Airflow error reporting may expose full kwargs Moderate
CVE-2025-65995 was published for apache-airflow (pip) Feb 21, 2026
OpenClaw session tool visibility hardening and Telegram webhook secret fallback Moderate
CVE-2026-27004 was published for openclaw (npm) Feb 18, 2026
aether-ai-agent Credited to aether-ai-agent
Libredesk has a SSRF Vulnerability in Webhooks Moderate
CVE-2026-26957 was published for github.com/abhinavxd/libredesk (Go) Feb 18, 2026
PlayerIUnknown Credited to PlayerIUnknown
IBM Sterling B2B Integrator versions 6.1.0.0 through 6.1.2.7_2, 6.2.0.0 through 6.2.0.5, and 6.2... Moderate Unreviewed
CVE-2025-36348 was published Feb 18, 2026
Vulnerabilities in the API error handling of an HPE Aruba Networking 5G Core server API could... Moderate Unreviewed
CVE-2026-23598 was published Feb 17, 2026
A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. Detailed... Moderate Unreviewed
CVE-2025-66594 was published Feb 9, 2026
IBM Cloud Pak System displays sensitive information in user messages that could aid in further... Moderate Unreviewed
CVE-2023-38010 was published Feb 4, 2026
IBM Cloud Pak System does not set the secure attribute on authorization tokens or session cookies... Moderate Unreviewed
CVE-2023-38281 was published Feb 4, 2026
IBM Cloud Pak System is vulnerable to cross-site scripting. This vulnerability allows users to... Moderate Unreviewed
CVE-2023-38017 was published Feb 4, 2026
A vulnerability in update-reports-purge-settings.sh script logging for Brocade SANnav before 2.4... High Unreviewed
CVE-2025-12773 was published Feb 3, 2026
Generation of Error Message Containing Sensitive Information vulnerability in Codriapp Innovation... High Unreviewed
CVE-2025-1395 was published Jan 30, 2026
A vulnerability in the PHP backend of gemsloyalty.aptsys.com.sg thru 2025-05-28 allows... Moderate Unreviewed
CVE-2025-52022 was published Jan 23, 2026
A vulnerability in the PHP backend of gemscms.aptsys.com.sg thru 2025-05-28 allows... Moderate Unreviewed
CVE-2025-52023 was published Jan 23, 2026
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database