GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories: All reviewed 5,000+; Composer 5,000+; Erlang 47; GitHub Actions 48; Go 3,378; Maven 5,000+; npm 5,000+; NuGet 881; pip 4,573; Pub 13; RubyGems 1,013; Rust 1,205; Swift 51
Unreviewed advisories: All unreviewed 5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
9,109 advisories
The Gravity SMTP plugin for WordPress is vulnerable to Sensitive Information Exposure in all...
High, Unreviewed. CVE-2026-4020 was published Mar 31, 2026

A cross-session information disclosure vulnerability exists in the awesome-llm-apps project in...
High, Unreviewed. CVE-2026-29872 was published Mar 30, 2026

Unauthenticated credential disclosure in the wizard interface in ZTE ZXHN H188A V6.0.10P2_TE and...
High, Unreviewed. CVE-2026-34472 was published Mar 30, 2026

A sensitive information exposure vulnerability exists in ArthurFiorette steam-trader 2.1.1. An...
Critical, Unreviewed. CVE-2026-5128 was published Mar 30, 2026

A vulnerability was found in PromtEngineer localGPT up to...
Moderate, Unreviewed. CVE-2026-5003 was published Mar 28, 2026

A vulnerability was found in wandb OpenUI up to 1.0/3.5-turb. Affected is the function...
Moderate, Unreviewed. CVE-2026-4994 was published Mar 28, 2026

The Ninja Forms - The Contact Form Builder That Grows With You plugin for WordPress is vulnerable...
Moderate, Unreviewed. CVE-2026-1307 was published Mar 28, 2026

Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an...
Moderate, Unreviewed. CVE-2025-59214 was published Oct 14, 2025

A flaw has been found in OpenBMB XAgent 1.0.0. The impacted element is the function...
Moderate, Unreviewed. CVE-2026-4957 was published Mar 27, 2026

Dovecot has provided a script to use for attachment to text conversion. This script unsafely...
Moderate, Unreviewed. CVE-2025-59031 was published Mar 27, 2026

Information disclosure in the file URI processing of File (Field) Paths in Drupal File (Field)...
Moderate, Unreviewed. CVE-2026-1556 was published Mar 27, 2026

An authorization issue was addressed with improved state management. This issue is fixed in iOS...
Moderate, Unreviewed. CVE-2026-28877 was published Mar 25, 2026

This issue was addressed with improved checks. This issue is fixed in macOS Tahoe 26.4. An app...
Moderate, Unreviewed. CVE-2026-28820 was published Mar 25, 2026

HCL Aftermarket DPC is affected by File Discovery which allows attacker could exploit this issue...
Moderate, Unreviewed. CVE-2025-55265 was published Mar 26, 2026

HCL Aftermarket DPC is affected by Internal IP Disclosure vulnerability will give attackers a...
Low, Unreviewed. CVE-2025-55276 was published Mar 26, 2026

HCL Aftermarket DPC is affected by Banner Disclosure vulnerability where attackers gain insights...
Low, Unreviewed. CVE-2025-55272 was published Mar 26, 2026

A flaw has been found in Enter Software Iperius Backup up to 8.7.3. Affected by this...
Low, Unreviewed. CVE-2026-4823 was published Mar 26, 2026

IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.3 IBM WebSphere Application...
Moderate, Unreviewed. CVE-2025-14915 was published Mar 25, 2026

A privacy issue was addressed by removing sensitive data. This issue is fixed in iOS 18.7.7 and...
Moderate, Unreviewed. CVE-2026-28878 was published Mar 25, 2026

Information disclosure in the Widget: Cocoa component. This vulnerability affects Firefox < 149...
High, Unreviewed. CVE-2026-4712 was published Mar 24, 2026

Shared memory sections and events in IBM DB2 8.1 have default permissions of read and write for...
Low, Unreviewed. CVE-2005-4868 was published May 1, 2022

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in ixray-team ixray-1.6...
Moderate, Unreviewed. CVE-2026-4733 was published Mar 24, 2026

IBM Security Verify Privilege On-Premises 11.5 could disclose sensitive information through an...
Moderate, Unreviewed. CVE-2022-43890 was published Mar 4, 2024

Dell BSAFE SSL-J, versions prior to 6.5, and versions 7.0 and 7.1 contain a debug message...
Moderate, Unreviewed. CVE-2023-28077 was published Feb 10, 2024

"IBM Robotic Process Automation 21.0.1 and 21.0.2 could disclose sensitive version information...
Moderate, Unreviewed. CVE-2022-38710 was published Nov 4, 2022

ProTip! Advisories are also available from the GraphQL API.