Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
49
GitHub Actions
49
Go
3,479
Maven
5,000+
npm
5,000+
NuGet
886
pip
4,740
Pub
13
RubyGems
1,031
Rust
1,225
Swift
53
Unreviewed advisories
All unreviewed
5,000+

1,961 advisories

Loading
Apache Airflow secrets in rendered templates could contain parts of sensitive values when truncated High
CVE-2025-68438 was published for apache-airflow (pip) Jan 16, 2026
An issue was discovered in Chamillo LMS 1.11.2. The Social Network /personal_data endpoint... High Unreviewed
CVE-2025-69581 was published Jan 16, 2026
Vulnerability in the Oracle Agile PLM product of Oracle Supply Chain (component: User and User... High Unreviewed
CVE-2026-21940 was published Jan 21, 2026
An issue in Atomberg Atomberg Erica Smart Fan Firmware Version: V1.0.36 allows an attacker to... High Unreviewed
CVE-2025-69822 was published Jan 22, 2026
Exposure of sensitive information to an unauthorized actor in Azure Data Explorer allows an... High Unreviewed
CVE-2026-21524 was published Jan 23, 2026
An information disclosure vulnerability exists in the /srvs/membersrv/getCashiers endpoint of the... High Unreviewed
CVE-2025-52026 was published Jan 23, 2026
An issue in continuous.software aangine v.2025.2 allows a remote attacker to obtain sensitive... High Unreviewed
CVE-2025-67274 was published Jan 26, 2026
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in AKCE Software... High Unreviewed
CVE-2025-8590 was published Feb 3, 2026
Decidim's private data exports can lead to data leaks High
CVE-2025-65017 was published for decidim (RubyGems) Feb 3, 2026
ahukkanen Credited to ahukkanen
n8n's Unsafe Buffer Allocation Allows In-Process Memory Disclosure in Task Runner High
CVE-2025-61917 was published for n8n (npm) Feb 4, 2026
Azure Function Information Disclosure Vulnerability High Unreviewed
CVE-2026-21532 was published Feb 6, 2026
MCP-Salesforce's arbitrary attribute access leads to disclosure of Salesforce auth token High
CVE-2026-25650 was published for mcp-salesforce-connector (pip) Feb 6, 2026
nirhaas Credited to nirhaas
The Ninja Forms plugin for WordPress is vulnerable to Sensitive Information Exposure in all... High Unreviewed
CVE-2026-2268 was published Feb 10, 2026
Exposure of sensitive information to an unauthorized actor in Microsoft Office Outlook allows an... High Unreviewed
CVE-2026-21260 was published Feb 10, 2026
An issue in Statping-ng v.0.91.0 allows an attacker to obtain sensitive information via a crafted... High Unreviewed
CVE-2024-26477 was published Feb 11, 2026
An issue in Statping-ng v.0.91.0 allows an attacker to obtain sensitive information via a crafted... High Unreviewed
CVE-2024-26480 was published Feb 11, 2026
A privacy issue was addressed with improved checks. This issue is fixed in watchOS 26.3, tvOS 26... High Unreviewed
CVE-2026-20641 was published Feb 12, 2026
This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Tahoe 26.3... High Unreviewed
CVE-2026-20606 was published Feb 12, 2026
Keras has a Local File Disclosure via HDF5 External Storage During Keras Weight Loading High
CVE-2026-1669 was published for keras (pip) Feb 18, 2026
N3mes1s Credited to N3mes1s
Feathers exposes internal headers via unencrypted session cookie High
CVE-2026-27193 was published for @feathersjs/authentication-oauth (npm) Feb 19, 2026
vvxhid Credited to vvxhid and b0-n0-b0 b0-n0-b0 b0-n0-b0
Apache Superset: Read-Only Bypass via Improper Input Validation on PostgreSQL Connections High
CVE-2026-23984 was published for apache-superset (pip) Feb 24, 2026
Information disclosure, mitigation bypass in the Settings UI component. This vulnerability... High Unreviewed
CVE-2026-2803 was published Feb 24, 2026
Information disclosure due to JIT miscompilation in the JavaScript Engine: JIT component. This... High Unreviewed
CVE-2026-2783 was published Feb 24, 2026
FileBrowser Quantum: Password Protection Not Enforced on Shared File Links High
CVE-2026-27611 was published for github.com/gtsteffaniak/filebrowser/backend (Go) Feb 25, 2026
ByteAfterlife Credited to ByteAfterlife
A vulnerability in Google Cloud Vertex AI Workbench from 7/21/2025 to 01/30/2026 allows an... High Unreviewed
CVE-2026-2244 was published Feb 26, 2026
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database