Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
41
GitHub Actions
42
Go
3,124
Maven
5,000+
npm
5,000+
NuGet
826
pip
4,434
Pub
12
RubyGems
988
Rust
1,172
Swift
50
Unreviewed advisories
All unreviewed
5,000+

981 advisories

Loading
An issue pertaining to CWE-532: Insertion of Sensitive Information into Log File was discovered... Moderate Unreviewed
CVE-2025-70040 was published Mar 9, 2026
Apache ZooKeeper has improper handling of configuration values High
CVE-2026-24308 was published for org.apache.zookeeper:zookeeper (Maven) Mar 7, 2026
HCL Sametime for iOS is impacted by a sensitive information disclosure. Hostnames information is... Low Unreviewed
CVE-2026-21786 was published Mar 5, 2026
@backstage/plugin-scaffolder-backend Vulnerable to Potential Session Token Exfiltration via Log Redaction Bypass Low
CVE-2026-29184 was published for @backstage/plugin-scaffolder-backend (npm) Mar 5, 2026
IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to writing of sensitive... Moderate Unreviewed
CVE-2026-1265 was published Mar 3, 2026
Rancher Backup Operator pod's logs leak S3 tokens Moderate
CVE-2025-62879 was published for github.com/rancher/backup-restore-operator (Go) Mar 3, 2026
Curio exposes database credentials to users with network access through verbose HTTP error responses High
GHSA-gj6x-q8rh-wj6x was published for github.com/filecoin-project/curio (Go) Feb 26, 2026
Terraform Provider for Linode Debug Logs Vulnerable to Sensitive Information Exposure Moderate
CVE-2026-27900 was published for github.com/linode/terraform-provider-linode (Go) Feb 26, 2026
Information Exposure Vulnerability in Hitachi Ops Center API Configuration Manager, Hitachi... Moderate Unreviewed
CVE-2025-0976 was published Feb 25, 2026
Information Exposure Vulnerability in Hitachi Ops Center API Configuration Manager, Hitachi... Moderate Unreviewed
CVE-2025-5781 was published Feb 25, 2026
Apache Airflow exposes sensitive information in its log files Moderate
CVE-2025-27555 was published for apache-airflow (pip) Feb 24, 2026
Tanium addressed an insertion of sensitive information into log file vulnerability in Interact... Moderate Unreviewed
CVE-2026-2350 was published Feb 20, 2026
Tanium addressed an insertion of sensitive information into log file vulnerability in TanOS. Moderate Unreviewed
CVE-2026-2605 was published Feb 20, 2026
Tanium addressed an insertion of sensitive information into log file vulnerability in Trends. Moderate Unreviewed
CVE-2026-1292 was published Feb 20, 2026
In Splunk Enterprise versions below 10.2.0, 10.0.2, 9.4.7, 9.3.8, and 9.2.11, and Splunk Cloud... Moderate Unreviewed
CVE-2026-20144 was published Feb 18, 2026
In Splunk Enterprise versions below 10.2.0, 10.0.2, 9.4.7, 9.3.9, and 9.2.11, a user of a Splunk... Moderate Unreviewed
CVE-2026-20138 was published Feb 18, 2026
In Splunk Enterprise versions below 10.2.0, 10.0.2, 9.4.7, 9.3.9, and 9.2.11, a user of a Splunk... Moderate Unreviewed
CVE-2026-20142 was published Feb 18, 2026
The issue was resolved by sanitizing logging. This issue is fixed in iOS 26.3 and iPadOS 26.3,... Low Unreviewed
CVE-2026-20663 was published Feb 12, 2026
A logging issue was addressed with improved data redaction. This issue is fixed in macOS Tahoe 26... Low Unreviewed
CVE-2026-20646 was published Feb 12, 2026
The vulnerability, if exploited, could allow an attacker with Event Log Reader (S-1-5-32-573)... Moderate Unreviewed
CVE-2026-1495 was published Feb 10, 2026
Insertion of sensitive information into log file in Windows Kernel allows an authorized attacker... Moderate Unreviewed
CVE-2026-21222 was published Feb 10, 2026
AXIS Camera Station Pro contained a flaw to perform a privilege escalation attack on the server... High Unreviewed
CVE-2025-11547 was published Feb 10, 2026
unity-cli Exposes Plaintext Credentials in Debug Logs (sign-package command) Moderate
CVE-2026-25918 was published for @rage-against-the-pixel/unity-cli (npm) Feb 10, 2026
In JetBrains YouTrack before 2025.3.119033 access tokens could be exposed in Mailbox logs Moderate Unreviewed
CVE-2026-25846 was published Feb 9, 2026
Tanium addressed an information disclosure vulnerability in Threat Response. Moderate Unreviewed
CVE-2025-15332 was published Feb 5, 2026
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database