Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
44
GitHub Actions
46
Go
3,270
Maven
5,000+
npm
5,000+
NuGet
867
pip
4,517
Pub
12
RubyGems
998
Rust
1,194
Swift
51
Unreviewed advisories
All unreviewed
5,000+

602 advisories

Loading
OpenClaw Telegram media fetch errors exposed bot tokens in logged file URLs Moderate
GHSA-xwcj-hwhf-h378 was published for openclaw (npm) Mar 16, 2026
space08 Credited to space08
OpenClaw: Pairing setup codes exposed long-lived shared gateway credentials instead of short-lived bootstrap tokens Moderate
GHSA-7h7g-x2px-94hj was published for openclaw (npm) Mar 13, 2026
lintsinghua Credited to lintsinghua and woreksami woreksami woreksami
OneUptime: Password Reset Token Logged at INFO Level Moderate
CVE-2026-32598 was published for oneuptime (npm) Mar 13, 2026
n0rv-TvT Credited to n0rv-TvT
OliveTin's email argument makes compliance harder, enables log injection Moderate
GHSA-xx6g-43w2-9g6g was published for github.com/OliveTin/OliveTin (Go) Mar 12, 2026
fg0x0 Credited to fg0x0
In Splunk Enterprise versions below 10.2.1, 10.0.4, 9.4.9, and 9.3.10, and Splunk Cloud Platform... Moderate Unreviewed
CVE-2026-20165 was published Mar 11, 2026
An issue pertaining to CWE-532: Insertion of Sensitive Information into Log File was discovered... Moderate Unreviewed
CVE-2025-70040 was published Mar 9, 2026
IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to writing of sensitive... Moderate Unreviewed
CVE-2026-1265 was published Mar 3, 2026
Rancher Backup Operator pod's logs leak S3 tokens Moderate
CVE-2025-62879 was published for github.com/rancher/backup-restore-operator (Go) Mar 3, 2026
Terraform Provider for Linode Debug Logs Vulnerable to Sensitive Information Exposure Moderate
CVE-2026-27900 was published for github.com/linode/terraform-provider-linode (Go) Feb 26, 2026
Information Exposure Vulnerability in Hitachi Ops Center API Configuration Manager, Hitachi... Moderate Unreviewed
CVE-2025-0976 was published Feb 25, 2026
Information Exposure Vulnerability in Hitachi Ops Center API Configuration Manager, Hitachi... Moderate Unreviewed
CVE-2025-5781 was published Feb 25, 2026
Apache Airflow exposes sensitive information in its log files Moderate
CVE-2025-27555 was published for apache-airflow (pip) Feb 24, 2026
Tanium addressed an insertion of sensitive information into log file vulnerability in Trends. Moderate Unreviewed
CVE-2026-1292 was published Feb 20, 2026
Tanium addressed an insertion of sensitive information into log file vulnerability in Interact... Moderate Unreviewed
CVE-2026-2350 was published Feb 20, 2026
Tanium addressed an insertion of sensitive information into log file vulnerability in TanOS. Moderate Unreviewed
CVE-2026-2605 was published Feb 20, 2026
In Splunk Enterprise versions below 10.2.0, 10.0.2, 9.4.7, 9.3.8, and 9.2.11, and Splunk Cloud... Moderate Unreviewed
CVE-2026-20144 was published Feb 18, 2026
In Splunk Enterprise versions below 10.2.0, 10.0.2, 9.4.7, 9.3.9, and 9.2.11, a user of a Splunk... Moderate Unreviewed
CVE-2026-20138 was published Feb 18, 2026
In Splunk Enterprise versions below 10.2.0, 10.0.2, 9.4.7, 9.3.9, and 9.2.11, a user of a Splunk... Moderate Unreviewed
CVE-2026-20142 was published Feb 18, 2026
The vulnerability, if exploited, could allow an attacker with Event Log Reader (S-1-5-32-573)... Moderate Unreviewed
CVE-2026-1495 was published Feb 10, 2026
Insertion of sensitive information into log file in Windows Kernel allows an authorized attacker... Moderate Unreviewed
CVE-2026-21222 was published Feb 10, 2026
unity-cli Exposes Plaintext Credentials in Debug Logs (sign-package command) Moderate
CVE-2026-25918 was published for @rage-against-the-pixel/unity-cli (npm) Feb 10, 2026
In JetBrains YouTrack before 2025.3.119033 access tokens could be exposed in Mailbox logs Moderate Unreviewed
CVE-2026-25846 was published Feb 9, 2026
Tanium addressed an information disclosure vulnerability in Threat Response. Moderate Unreviewed
CVE-2025-15332 was published Feb 5, 2026
Neo4j Enterprise and Community vulnerable to a potential information disclosure Moderate
CVE-2026-1622 was published for org.neo4j:neo4j (Maven) Feb 4, 2026
RustFS Logs Sensitive Credentials in Plaintext Moderate
CVE-2026-24762 was published for rustfs (Rust) Feb 3, 2026
cchheang Credited to cchheang
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database