Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
40
GitHub Actions
41
Go
3,016
Maven
5,000+
npm
4,737
NuGet
814
pip
4,347
Pub
12
RubyGems
987
Rust
1,140
Swift
50
Unreviewed advisories
All unreviewed
5,000+

78 advisories

Loading
Incomplete removal of sensitive information before transfer vulnerability in M-Files Corporation... Moderate Unreviewed
CVE-2025-14267 was published Dec 19, 2025
A flaw was found in QEMU in the uefi-vars virtual device. When the guest writes to register... Low Unreviewed
CVE-2025-8860 was published Feb 18, 2026
CBORDecoder reuse can leak shareable values across decode calls Moderate
CVE-2025-68131 was published for cbor2 (pip) Dec 31, 2025
andreer Pastea
Credited to andreer and Pastea
URI Credential Leakage Bypass over CVE-2025-27221 Low
CVE-2025-61594 was published for uri (RubyGems) Dec 30, 2025
SSH private keys of the "Remote alert handlers (Linux)" rule were exposed in the rule page's HTML... Low Unreviewed
CVE-2025-65000 was published Dec 18, 2025
Grype has a credential disclosure vulnerability in its JSON output High
CVE-2025-65965 was published for github.com/anchore/grype (Go) Nov 25, 2025
chisui
Credited to chisui
Improper removal of sensitive information in certain Zoom Clients before version 6.5.10 may allow... Moderate Unreviewed
CVE-2025-62483 was published Nov 13, 2025
Weblate leaks the IP of project member inviting user to be reviewer in Audit log Low
CVE-2025-64326 was published for weblate (pip) Nov 5, 2025
jermanuts nijel
Credited to jermanuts and nijel
URI allows for userinfo Leakage in URI#join, URI#merge, and URI#+ Low
CVE-2025-27221 was published for uri (RubyGems) Mar 3, 2025
john-halderman
Credited to john-halderman
In the Linux kernel, the following vulnerability has been resolved: net: ethernet: lantiq_etop:... High Unreviewed
CVE-2024-49997 was published Oct 21, 2024
Ansible does not collect garbage after playbook run Moderate
CVE-2020-25635 was published for ansible (pip) Oct 31, 2025
m00nl1ght-dev/steam-workshop-deploy: Exposure of Version-Control Repository to an Unauthorized Control Sphere and Insufficiently Protected Credentials Critical
GHSA-x6gv-2rvh-qmp6 was published for BoldestDungeon/steam-workshop-deploy (GitHub Actions) Aug 13, 2025
Gamebuster19901
Credited to Gamebuster19901
Shopware exposes sensitive user information via CSV export mapping Moderate
GHSA-27c9-vp3w-6ww8 was published for shopware/core (Composer) Oct 21, 2025
larskemper
Credited to larskemper
Improper removal of sensitive information before storage or transfer in AMD Crash Defender could... Low Unreviewed
CVE-2025-0011 was published Sep 6, 2025
XWiki PDF export jobs store sensitive cookies unencrypted in job statuses Moderate
CVE-2025-58049 was published for org.xwiki.platform:xwiki-platform-export-pdf-api (Maven) Aug 28, 2025
Contao can disclose sensitive information in the news module Moderate
CVE-2025-57757 was published for contao/contao (Composer) Aug 28, 2025
fritzmg
Credited to fritzmg
IBM MQ Operator LTS 2.0.0 through 2.0.29, MQ Operator CD 3.0.0, 3.0.1, 3.1.0 through 3.1.3, 3.3.0... Moderate Unreviewed
CVE-2025-33013 was published Jul 25, 2025
A low privileged remote attacker can get access to CSRF tokens of higher privileged users which... Moderate Unreviewed
CVE-2024-7698 was published Sep 10, 2024
IBM Concert Software 1.0.0 through 1.1.0 could allow a remote attacker to obtain sensitive... Moderate Unreviewed
CVE-2025-1759 was published Aug 18, 2025
gs_lib_ctx_stash_sanitized_arg in base/gslibctx.c in Artifex Ghostscript through 10.05.0 lacks... Low Unreviewed
CVE-2025-48708 was published May 23, 2025
folly::secureRandom will re-use a buffer between parent and child processes when fork() is called... High Unreviewed
CVE-2018-6337 was published May 13, 2022
Wasmtime may have data leakage between instances in the pooling allocator High
CVE-2022-39393 was published for wasmtime (Rust) Nov 10, 2022
alexcrichton
Credited to alexcrichton
Kubernetes did not effectively clear service account credentials High
CVE-2019-11243 was published for k8s.io/kubernetes (Go) May 24, 2022
awsactran
Credited to awsactran
In affected versions of Octopus Deploy it is possible for certain types of sensitive variables to... High Unreviewed
CVE-2022-3460 was published Jan 3, 2023
A vulnerability in the implementation of the internal system processes of Cisco APIC could allow... Moderate Unreviewed
CVE-2025-20118 was published Feb 26, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database