GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
993 advisories
Insertion of Sensitive Information into Log File vulnerability in the SCIM Driver module in...
High | Unreviewed | CVE-2024-11604 was published Mar 27, 2026

Harbor: LDAP password and OIDC secret are not redacted in the audit log
Moderate | GHSA-prh4-vhfh-24mj was published for github.com/goharbor/harbor (Go) Mar 26, 2026

IBM Knowledge Catalog Standard Cartridge 5.0.0, 5.0.1, 5.0.2, 5.0.3, 5.1, 5.1.1, 5.1.2, 5.1.3, 5...
Moderate | Unreviewed | CVE-2025-36187 was published Mar 26, 2026

A logging issue was addressed with improved data redaction. This issue is fixed in iOS 18.7.7 and...
Moderate | Unreviewed | CVE-2026-28868 was published Mar 25, 2026

A logging issue was addressed with improved data redaction. This issue is fixed in iOS 18.7.7 and...
Moderate | Unreviewed | CVE-2026-20668 was published Mar 25, 2026

OpenClaw Telegram media fetch errors exposed bot tokens in logged file URLs
Moderate | GHSA-xwcj-hwhf-h378 was published for openclaw (npm) Mar 16, 2026

OpenClaw: Pairing setup codes exposed long-lived shared gateway credentials instead of short-lived bootstrap tokens
Moderate | GHSA-7h7g-x2px-94hj was published for openclaw (npm) Mar 13, 2026

OneUptime: Password Reset Token Logged at INFO Level
Moderate | CVE-2026-32598 was published for oneuptime (npm) Mar 13, 2026

OliveTin's email argument makes compliance harder, enables log injection
Moderate | GHSA-xx6g-43w2-9g6g was published for github.com/OliveTin/OliveTin (Go) Mar 12, 2026

A potential vulnerability was reported in the Lenovo FileZ Android application that, under...
Low | Unreviewed | CVE-2026-0520 was published Mar 11, 2026

In Splunk Enterprise versions below 10.2.1, 10.0.4, 9.4.9, and 9.3.10, and Splunk Cloud Platform...
Moderate | Unreviewed | CVE-2026-20165 was published Mar 11, 2026

HCL Sametime for Android is impacted by a sensitive information disclosure. Hostnames...
Low | Unreviewed | CVE-2026-21791 was published Mar 10, 2026

An issue pertaining to CWE-532: Insertion of Sensitive Information into Log File was discovered...
Moderate | Unreviewed | CVE-2025-70040 was published Mar 9, 2026

Apache ZooKeeper has improper handling of configuration values
High | CVE-2026-24308 was published for org.apache.zookeeper:zookeeper (Maven) Mar 7, 2026

HCL Sametime for iOS is impacted by a sensitive information disclosure. Hostnames information is...
Low | Unreviewed | CVE-2026-21786 was published Mar 5, 2026

@backstage/plugin-scaffolder-backend Vulnerable to Potential Session Token Exfiltration via Log Redaction Bypass
Low | CVE-2026-29184 was published for @backstage/plugin-scaffolder-backend (npm) Mar 5, 2026

IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to writing of sensitive...
Moderate | Unreviewed | CVE-2026-1265 was published Mar 3, 2026

Rancher Backup Operator pod's logs leak S3 tokens
Moderate | CVE-2025-62879 was published for github.com/rancher/backup-restore-operator (Go) Mar 3, 2026

Curio exposes database credentials to users with network access through verbose HTTP error responses
High | GHSA-gj6x-q8rh-wj6x was published for github.com/filecoin-project/curio (Go) Feb 26, 2026

Terraform Provider for Linode Debug Logs Vulnerable to Sensitive Information Exposure
Moderate | CVE-2026-27900 was published for github.com/linode/terraform-provider-linode (Go) Feb 26, 2026

Information Exposure Vulnerability in Hitachi Ops Center API Configuration Manager, Hitachi...
Moderate | Unreviewed | CVE-2025-0976 was published Feb 25, 2026

Information Exposure Vulnerability in Hitachi Ops Center API Configuration Manager, Hitachi...
Moderate | Unreviewed | CVE-2025-5781 was published Feb 25, 2026

Apache Airflow exposes sensitive information in its log files
Moderate | CVE-2025-27555 was published for apache-airflow (pip) Feb 24, 2026

Tanium addressed an insertion of sensitive information into log file vulnerability in Interact...
Moderate | Unreviewed | CVE-2026-2350 was published Feb 20, 2026

Tanium addressed an insertion of sensitive information into log file vulnerability in TanOS.
Moderate | Unreviewed | CVE-2026-2605 was published Feb 20, 2026