GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
83 advisories
Trino: Iceberg REST catalog static and vended credentials are accessible via query JSON
High | CVE-2026-34214 was published for io.trino:trino-iceberg (Maven) | Mar 29, 2026

OpenClaw Exposes Credentials Embedded in baseUrl Fields via config.get and channels.status
Moderate | GHSA-ppwq-6v66-5m6j was published for openclaw (npm) | Mar 26, 2026

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 8.14 before 18.7.6, 18...
Moderate | Unreviewed | CVE-2026-1182 was published | Mar 12, 2026

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 12.6 before 18.7.6, 18...
Moderate | Unreviewed | CVE-2026-1732 was published | Mar 11, 2026

A flaw was found in QEMU in the uefi-vars virtual device. When the guest writes to register...
Low | Unreviewed | CVE-2025-8860 was published | Feb 18, 2026

Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program...
Low | Unreviewed | CVE-2025-61643 was published | Feb 3, 2026

CBORDecoder reuse can leak shareable values across decode calls
Moderate | CVE-2025-68131 was published for cbor2 (pip) | Dec 31, 2025

URI Credential Leakage Bypass over CVE-2025-27221
Low | CVE-2025-61594 was published for uri (RubyGems) | Dec 30, 2025

Incomplete removal of sensitive information before transfer vulnerability in M-Files Corporation...
Moderate | Unreviewed | CVE-2025-14267 was published | Dec 19, 2025

SSH private keys of the "Remote alert handlers (Linux)" rule were exposed in the rule page's HTML...
Low | Unreviewed | CVE-2025-65000 was published | Dec 18, 2025

Grype has a credential disclosure vulnerability in its JSON output
High | CVE-2025-65965 was published for github.com/anchore/grype (Go) | Nov 25, 2025

Improper removal of sensitive information in certain Zoom Clients before version 6.5.10 may allow...
Moderate | Unreviewed | CVE-2025-62483 was published | Nov 13, 2025

Weblate leaks the IP of project member inviting user to be reviewer in Audit log
Low | CVE-2025-64326 was published for weblate (pip) | Nov 5, 2025

Ansible does not collect garbage after playbook run
Moderate | CVE-2020-25635 was published for ansible (pip) | Oct 31, 2025

Shopware exposes sensitive user information via CSV export mapping
Moderate | GHSA-27c9-vp3w-6ww8 was published for shopware/core (Composer) | Oct 21, 2025

Improper removal of sensitive information before storage or transfer in AMD Crash Defender could...
Low | Unreviewed | CVE-2025-0011 was published | Sep 6, 2025

XWiki PDF export jobs store sensitive cookies unencrypted in job statuses
Moderate | CVE-2025-58049 was published for org.xwiki.platform:xwiki-platform-export-pdf-api (Maven) | Aug 28, 2025

Contao can disclose sensitive information in the news module
Moderate | CVE-2025-57757 was published for contao/contao (Composer) | Aug 28, 2025

IBM Concert Software 1.0.0 through 1.1.0 could allow a remote attacker to obtain sensitive...
Moderate | Unreviewed | CVE-2025-1759 was published | Aug 18, 2025

m00nl1ght-dev/steam-workshop-deploy: Exposure of Version-Control Repository to an Unauthorized Control Sphere and Insufficiently Protected Credentials
Critical | GHSA-x6gv-2rvh-qmp6 was published for BoldestDungeon/steam-workshop-deploy (GitHub Actions) | Aug 13, 2025

IBM MQ Operator LTS 2.0.0 through 2.0.29, MQ Operator CD 3.0.0, 3.0.1, 3.1.0 through 3.1.3, 3.3.0...
Moderate | Unreviewed | CVE-2025-33013 was published | Jul 25, 2025

gs_lib_ctx_stash_sanitized_arg in base/gslibctx.c in Artifex Ghostscript through 10.05.0 lacks...
Low | Unreviewed | CVE-2025-48708 was published | May 23, 2025

URI allows for userinfo Leakage in URI#join, URI#merge, and URI#+
Low | CVE-2025-27221 was published for uri (RubyGems) | Mar 3, 2025

A vulnerability in the implementation of the internal system processes of Cisco APIC could allow...
Moderate | Unreviewed | CVE-2025-20118 was published | Feb 26, 2025

OpenVPN Connect before version 3.5.0 can contain the configuration profile's clear-text private...
High | Unreviewed | CVE-2024-8474 was published | Jan 6, 2025

ProTip! Advisories are also available from the GraphQL API