Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,917
Erlang
39
GitHub Actions
38
Go
2,570
Maven
5,000+
npm
4,246
NuGet
754
pip
4,007
Pub
12
RubyGems
953
Rust
1,043
Swift
45
Unreviewed advisories
All unreviewed
5,000+

5 advisories

Loading
Actual Sync-server Gocardless service is logging sensitive data including bearer tokens and account numbers Moderate
GHSA-xvp7-8vm8-xfxx was published for @actual-app/sync-server (npm) Oct 20, 2025
StoobertB
Credited to StoobertB
Astro's server source code is exposed to the public if sourcemaps are enabled High
CVE-2024-56159 was published for astro (npm) Dec 19, 2024
lilnasy
Credited to lilnasy
Avtec Outpost stores sensitive information in an insecure location without proper access controls... High Unreviewed
CVE-2024-39776 was published Aug 22, 2024
Triangle MicroWorks SCADA Data Gateway certificate Information Disclosure Vulnerability. This... Moderate Unreviewed
CVE-2023-39467 was published May 3, 2024
Horde IMP 2.2.7 allows remote attackers to obtain the full web root pathname via an HTTP request... Moderate Unreviewed
CVE-2002-2024 was published Apr 30, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database