Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
50
GitHub Actions
50
Go
3,690
Maven
5,000+
npm
5,000+
NuGet
934
pip
4,928
Pub
13
RubyGems
1,053
Rust
1,322
Swift
53
Unreviewed advisories
All unreviewed
5,000+

476 advisories

Loading
Flight vulnerable to sensitive information disclosure via default error handler High
CVE-2026-42552 was published for flightphp/core (Composer) May 6, 2026
Rootingg Credited to Rootingg
HCL BigFix Service Management (SM) is vulnerable to information exposure due to improper error... Moderate Unreviewed
CVE-2025-31960 was published May 6, 2026
PyLoad vulnerable to unauthenticated traceback disclosure via global exception handler in WebUI Moderate
CVE-2026-44226 was published for pyload-ng (pip) May 6, 2026
HCL DFXAnalytics is affected by an Improper Error Handling vulnerability where the application... Low Unreviewed
CVE-2025-59853 was published May 6, 2026
AVideo: Unauthenticated Disclosure of CloneSite `myKey` via Error Echo in `cloneClient.json.php` Enables Cross-Site DB Dump of the Configured Clone Server High
CVE-2026-43873 was published for wwbn/avideo (Composer) May 5, 2026
offset Credited to offset
Spring gRPC AuthenticationException messages are reflected to remote client Low
CVE-2026-40969 was published for org.springframework.grpc:spring-grpc (Maven) Apr 28, 2026
A Generation of Error Message Containing Sensitive Information vulnerability in the Materialized... High Unreviewed
CVE-2026-3259 was published Apr 23, 2026
monetr: Server-side request forgery in Lunch Flow link creation and refresh High
CVE-2026-41644 was published for github.com/monetr/monetr (Go) Apr 22, 2026
elliotcourant Credited to elliotcourant
Meridian: Multiple defense-in-depth gaps (collection/depth caps, telemetry, retry, fan-out) High
GHSA-f5v8-v6q3-q4h6 was published for Meridian.Mapping (NuGet) Apr 16, 2026
HCL AION is affected by a vulnerability where certain system behaviours may allow exploration of... Low Unreviewed
CVE-2025-52641 was published Apr 15, 2026
free5gc UDR nudr-dr influenceData/subs-to-notify leaks SUPI in error response body without authentication High
CVE-2026-40245 was published for github.com/free5gc/udr (Go) Apr 14, 2026
Giancannella Credited to Giancannella and FrancescoDAlterio FrancescoDAlterio FrancescoDAlterio
Apache Tomcat: Padding Oracle vulnerability in EncryptInterceptor High
CVE-2026-29146 was published for org.apache.tomcat:tomcat (Maven) Apr 9, 2026
tkwilli94 Credited to tkwilli94
A flaw was found in the OpenShift Mirror Registry. This vulnerability allows an unauthenticated,... Moderate Unreviewed
CVE-2025-14243 was published Apr 8, 2026
Dell PowerScale OneFS, versions 9.5.0.0 through 9.10.1.6 and versions 9.11.0.0 through 9.13.0.0,... Moderate Unreviewed
CVE-2026-24511 was published Apr 8, 2026
Authorizer: CQL/N1QL Injection in Cassandra and Couchbase Backends via fmt.Sprintf String Interpolation High
GHSA-jfwg-rxf3-p7r9 was published for github.com/authorizerdev/authorizer (Go) Apr 6, 2026
morimori-dev Credited to morimori-dev
XenForo before 2.3.7 discloses filesystem paths through exception messages triggered by... High Unreviewed
CVE-2025-71282 was published Apr 1, 2026
Open WebUI vulnerable to Path Traversal in `POST /api/v1/audio/transcriptions` Moderate
CVE-2026-28786 was published for open-webui (pip) Mar 27, 2026
akshatgit Credited to akshatgit
IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is affected by an information... Moderate Unreviewed
CVE-2026-2484 was published Mar 25, 2026
IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is affected by an information... Moderate Unreviewed
CVE-2026-1262 was published Mar 25, 2026
HCL Traveler is affected by sensitive information disclosure.  The application generates some... Moderate Unreviewed
CVE-2026-21783 was published Mar 24, 2026
Keycloak's identity-first login flow exposes user information Low
CVE-2026-4633 was published for org.keycloak:keycloak-services (Maven) Mar 23, 2026
dnegreira Credited to dnegreira
free5GC UDM incorrectly returns 500 for empty supi path parameter in PATCH sdm-subscriptions reques High
CVE-2026-33192 was published for github.com/free5gc/udm (Go) Mar 18, 2026
free5GC UDM incorrectly returns 500 for empty supi path parameter in DELETE sdm-subscriptions request Moderate
CVE-2026-33065 was published for github.com/free5gc/udm (Go) Mar 18, 2026
IBM Sterling Partner Engagement Manager 6.2.3.0 through 6.2.3.5 and 6.2.4.0 through 6.2.4.2 could... Moderate Unreviewed
CVE-2025-13726 was published Mar 13, 2026
parse-server: Malformed `$regex` query leaks database error details in API response Moderate
CVE-2026-30835 was published for parse-server (npm) Mar 6, 2026
fancymalware Credited to fancymalware and mtrezza mtrezza mtrezza
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database