GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 92
GitHub Actions: 54
Go: 4,217
Maven: 5,000+
npm: 5,000+
NuGet: 1,021
pip: 5,000+
Pub: 13
RubyGems: 1,103
Rust: 1,443
Swift: 61
Unreviewed advisories
All unreviewed: 5,000+
498 advisories
SurrealDB: Authenticated callers can read fields hidden by field-level SELECT permissions via error messages
Moderate
GHSA-6g9v-7gq3-p2c6 was published for surrealdb (Rust) on Jul 1, 2026
Capgo before 12.128.2 contains improper error handling in the /private/accept_invitation endpoint...
Moderate
Unreviewed
CVE-2026-56331 was published on Jul 1, 2026
IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, 5.3.0 could allow a remote attacker to obtain...
Moderate
Unreviewed
CVE-2025-36328 was published on Jun 30, 2026
SurrealDB: Arbitrary file read via DEFINE ANALYZER mapper() filter
High
GHSA-cc8f-fcx3-gpjr was published for surrealdb (Rust) on Jun 19, 2026
canto-saas-api: OAuth credentials exposed in URL query string and exception messages
Moderate
CVE-2026-55375 was published for jleehr/canto-saas-api (Composer) on Jun 19, 2026
HCL ZIE for Web is affected by an Unrestricted File Upload vulnerability. If the server is...
Moderate
Unreviewed
CVE-2025-59872 was published on Jun 17, 2026
Meta Ads MCP: Unauthenticated HTTP MCP Tool Execution Leaks Operator Meta Access Token
Critical
CVE-2026-48039 was published for meta-ads-mcp (pip) on Jun 11, 2026
Several Spring WS integration paths with Spring Security could surface detailed account state ...
Moderate
Unreviewed
CVE-2026-40997 was published on Jun 11, 2026
Spring Data REST serializes the full exception cause chain into HTTP error response bodies,...
Moderate
Unreviewed
CVE-2026-41730 was published on Jun 10, 2026
Omni: Operator can traverse image-factory API paths via unsanitized `talos_version` in CreateSchematic
Low
CVE-2026-45723 was published for github.com/siderolabs/omni (Go) on Jun 5, 2026
HCL iControl v4.0.0 was affected by Unhandled Exception - Stack Trace Disclosure vulnerability....
Low
Unreviewed
CVE-2025-52611 was published on Jun 4, 2026
HCL iControl was affected by Weak Input Validation vulnerability. This weakness is caused during...
Moderate
Unreviewed
CVE-2025-52606 was published on Jun 4, 2026
Parse Server's GraphQL "Did you mean ...?" validation suggestions disclose schema to unauthenticated callers
Moderate
CVE-2026-47248 was published for parse-server (npm) on May 29, 2026
Keycloak Generates an Error Message Containing Sensitive Information
Moderate
CVE-2026-9794 was published for org.keycloak:keycloak-services (Maven) on May 28, 2026
IBM Business Automation Workflow containers and traditional may leak information about its...
Moderate
Unreviewed
CVE-2026-1248 was published on May 27, 2026
IBM SDI 7.2.0.0 through 7.2.0.14 and IBM Security Directory Integrator 10.0.0.0 through 10.0.0.2...
Moderate
Unreviewed
CVE-2024-28765 was published on May 27, 2026
In the web management interface of Archer AX72 (SG) v1, the network diagnostic feature improperly...
Moderate
Unreviewed
CVE-2026-5511 was published on May 19, 2026
Algernon: Single-file mode unconditionally enables debug mode
High
CVE-2026-45728 was published for github.com/xyproto/algernon (Go) on May 19, 2026
Vaadin Build Plugins is Affected by a Possible Information Disclosure Vulnerability
Low
CVE-2026-7860 was published for com.vaadin:flow-gradle-plugin (Maven) on May 19, 2026
Vvveb before 1.0.8.3 contains an uncontrolled recursion vulnerability in the admin controller...
High
Unreviewed
CVE-2026-41935 was published on May 14, 2026
vm2 is Vulnerable to Host File Path Disclosure via Stack Trace Information Leak
Moderate
CVE-2026-44002 was published for vm2 (npm) on May 7, 2026
Free5GC UDM has Improper Input Validation and Generation of Error Messages Containing Sensitive Information
High
CVE-2026-42459 was published for github.com/free5gc/udm (Go) on May 7, 2026
Flight vulnerable to sensitive information disclosure via default error handler
High
CVE-2026-42552 was published for flightphp/core (Composer) on May 6, 2026
HCL BigFix Service Management (SM) is vulnerable to information exposure due to improper error...
Moderate
Unreviewed
CVE-2025-31960 was published on May 6, 2026
PyLoad vulnerable to unauthenticated traceback disclosure via global exception handler in WebUI
Moderate
CVE-2026-44226 was published for pyload-ng (pip) on May 6, 2026
ProTip! Advisories are also available from the GraphQL API.