Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
40
GitHub Actions
38
Go
2,850
Maven
5,000+
npm
4,485
NuGet
779
pip
4,238
Pub
12
RubyGems
975
Rust
1,093
Swift
48
Unreviewed advisories
All unreviewed
5,000+

13 advisories

Loading
Angular is Vulnerable to XSRF Token Leakage via Protocol-Relative URLs in Angular HTTP Client High
CVE-2025-66035 was published for @angular/common (npm) Nov 26, 2025
alan-agius4 AndrewKushnir
irsl hybrist AKiileX
Credited to alan-agius4, AndrewKushnir, irsl, hybrist, and AKiileX
XWiki exposes passwords and emails stored in fields not named password/email in xml.vm High
CVE-2025-54125 was published for org.xwiki.platform:xwiki-platform-legacy-oldcore (Maven) Aug 5, 2025
XWiki leaks password hashes and other accessible password properties High
CVE-2025-54124 was published for org.xwiki.platform:xwiki-platform-legacy-oldcore (Maven) Aug 5, 2025
DynamicPageList3 vulnerability exposes hidden/suppressed usernames High
CVE-2025-53625 was published for universal-omega/dynamic-page-list3 (Composer) Jul 10, 2025
Markus-Rost Universal-Omega
Credited to Markus-Rost and Universal-Omega
Updatecli exposes Maven credentials in console output High
CVE-2025-24355 was published for github.com/updatecli/updatecli (Go) Jan 24, 2025
gionn olblak
Credited to gionn and olblak
AsyncSSH Rogue Session Attack High
CVE-2023-46446 was published for asyncssh (pip) Nov 9, 2023
TrueSkrillor lambdafu
Credited to TrueSkrillor and lambdafu
Nautobot vulnerable to exposure of hashed user passwords via REST API High
CVE-2023-46128 was published for nautobot (pip) Oct 24, 2023
XWiki Platform may show email addresses in clear in REST results High
CVE-2023-35151 was published for org.xwiki.platform:xwiki-platform-rest-server (Maven) Jun 20, 2023
XWiki Platform Web Templates vulnerable to Missing Authorization, Exposure of Private Personal Information to Unauthorized Actor High
CVE-2022-36091 was published for org.xwiki.platform:xwiki-platform-web (Maven) Sep 16, 2022
Exposure of password hashes in notrinos/notrinos-erp High
CVE-2022-2921 was published for notrinos/notrinos-erp (Composer) Aug 22, 2022
Mattermost Server: initial_load API exposes unnecessary information High
CVE-2016-11066 was published for github.com/mattermost/mattermost-server (Go) May 24, 2022
Exposure of sensitive information in follow-redirects High
CVE-2022-0155 was published for follow-redirects (npm) Jan 12, 2022
Information exposure in elgg High
CVE-2021-3980 was published for elgg/elgg (Composer) Dec 16, 2021
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database