GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 28,808
Composer 5,566
Erlang 49
GitHub Actions 49
Go 3,479
Maven 6,393
npm 5,718
NuGet 886
pip 4,740
Pub 13
RubyGems 1,031
Rust 1,225
Swift 53

Unreviewed advisories

All unreviewed 297,380

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

59 advisories

Filter by severity

Uh oh!

There was an error while loading. Please reload this page.

Sort by

Newest

Oldest

Recently updated

Least recently updated

Apache Log4j Core's Rfc5424Layout https://logging.apache.org/log4j/2.x/manual/layouts.html... Moderate Unreviewed

CVE-2026-34478 was published Apr 10, 2026

IBM Maximo Application Suite - Monitor Component 9.1, 9.0, 8.11, and 8.10 could allow an... Moderate Unreviewed

CVE-2025-14684 was published Mar 26, 2026

2N Access Commander version 3.4.1 and prior is vulnerable to log pollution. Certain parameters... Moderate Unreviewed

CVE-2025-59784 was published Mar 4, 2026

IBM MQ Operator (SC2 v3.2.0–3.8.1, LTS v2.0.0–2.0.29) and IBM‑supplied MQ Advanced container... Moderate Unreviewed

CVE-2025-12755 was published Feb 17, 2026

In Splunk Enterprise versions below 10.0.1, 9.4.6, 9.3.8, and 9.2.10, and Splunk Cloud Platform... Moderate Unreviewed

CVE-2025-20384 was published Dec 3, 2025

IBM Concert 1.0.0 through 2.0.0 could allow a local user to forge log files to impersonate other... Moderate Unreviewed

CVE-2025-36159 was published Nov 21, 2025

The Site Checkup Debug AI Troubleshooting with Wizard and Tips for Each Issue plugin for... Moderate Unreviewed

CVE-2025-11627 was published Oct 30, 2025

IBM Concert Software 1.0.0 through 2.0.0 could allow a user to modify system logs due to... Moderate Unreviewed

CVE-2025-36081 was published Oct 28, 2025

CubeAPM nightly-2025-08-01-1 allow unauthenticated attackers to inject arbitrary log entries into... High Unreviewed

CVE-2025-57564 was published Oct 7, 2025

An API endpoint allows arbitrary log entries to be created via POST request. Without... Moderate Unreviewed

CVE-2025-58580 was published Oct 6, 2025

A vulnerability exists in Asset Suite for an authenticated user to manipulate the content of... Moderate Unreviewed

CVE-2025-10217 was published Sep 30, 2025

Improper Output Neutralization for Logs vulnerability in Apache Log4cxx. When using JSONLayout,... Moderate Unreviewed

CVE-2025-54813 was published Aug 22, 2025

Improper Output Neutralization for Logs vulnerability in Apache Log4cxx. When using HTMLLayout,... Low Unreviewed

CVE-2025-54812 was published Aug 22, 2025

Large content vulnerabilities are present in ASPECT exposing a device to disk overutilization on... Moderate Unreviewed

CVE-2024-13949 was published May 22, 2025

Improper Output Neutralization for Logs vulnerability in Tridium Niagara Framework on Windows,... Moderate Unreviewed

CVE-2025-3942 was published May 22, 2025

a-blog cms multiple versions neutralize logs improperly. If this vulnerability is exploited with... Low Unreviewed

CVE-2025-41429 was published May 19, 2025

In Nessus versions prior to 10.8.4, a non-authenticated attacker could alter Nessus logging... Moderate Unreviewed

CVE-2025-36625 was published Apr 18, 2025

An Improper Output Neutralization for Logs vulnerability [CWE-117] in FortiAnalyzer version 7.6.1... Moderate Unreviewed

CVE-2024-52962 was published Apr 8, 2025

A vulnerability in danny-avila/librechat prior to version 0.7.6 allows for logs debug injection.... Moderate Unreviewed

CVE-2024-12580 was published Mar 20, 2025

Unauthenticated log effects metrics gathering incident response efforts and potentially exposes... Moderate Unreviewed

CVE-2025-23405 was published Feb 28, 2025

IBM OpenPages with Watson 8.3 and 9.0 may write improperly neutralized data to server log files... Moderate Unreviewed

CVE-2024-49355 was published Feb 20, 2025

IBM Aspera Shares 1.9.0 through 1.10.0 PL6 could allow an attacker to spoof their IP address,... Moderate Unreviewed

CVE-2024-56473 was published Feb 6, 2025

The vulnerability was found in OpenShift Service Mesh 2.6.3 and 2.5.6. This issue occurs due to... Moderate Unreviewed

CVE-2025-0754 was published Jan 28, 2025

IBM Maximo Application Suite 8.10.12, 8.11.0, 9.0.1, and 9.1.0 - Monitor Component does not... Moderate Unreviewed

CVE-2024-35150 was published Jan 25, 2025

IBM Concert Software 1.0.0, 1.0.1, 1.0.2, 1.0.2.1, and 1.0.3 could allow an authenticated user... Moderate Unreviewed

CVE-2024-52891 was published Jan 7, 2025

Previous1…3 Next

Previous 1 2 3 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

59 advisories