GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
67 advisories
canto-saas-api: OAuth credentials exposed in URL query string and exception messages
  Moderate | CVE-2026-55375 was published for jleehr/canto-saas-api (Composer) | Jun 19, 2026
nebula-mesh: Newly-minted operator API key exposed in redirect URL (Referer, history, proxy logs)
  Moderate | CVE-2026-47768 was published for github.com/juev/nebula-mesh (Go) | Jun 10, 2026
A flaw was found in the Quay config-tool's GitLab OAuth validator. This vulnerability causes...
  Low | Unreviewed | CVE-2026-10078 was published | May 29, 2026
A use of get request method with sensitive query strings vulnerability in volume encryption of...
  Moderate | Unreviewed | CVE-2026-2237 was published | May 27, 2026
HCL AION is affected by a vulnerability where sensitive information may be included in URL...
  Low | Unreviewed | CVE-2025-62317 was published | May 14, 2026
Portainer: JWT accepted in URL query leaks tokens to logs and referers
  High | CVE-2026-44883 was published for github.com/portainer/portainer (Go) | May 14, 2026
AVideo: Password Hash Leak in MobileManager OAuth Redirect URL Enables Account Takeover
  Moderate | CVE-2026-43875 was published for wwbn/avideo (Composer) | May 5, 2026
Sensitive server_token exposed via GET parameter in V2Board thru 1.7.4. In app/Http/Controllers...
  Moderate | Unreviewed | CVE-2026-37504 was published | May 1, 2026
Apache OpenMeetings Uses GET Request Method With Sensitive Query Strings
  High | CVE-2026-34020 was published for org.apache.openmeetings:openmeetings-parent (Maven) | Apr 9, 2026
Nhost Leaks Refresh Tokens via URL Query Parameter in OAuth Provider Callback
  Low | CVE-2026-34969 was published for github.com/nhost/nhost (Go) | Apr 1, 2026
openssl-encrypt accepts refresh tokens as URL query parameters causing token leakage
  Moderate | GHSA-4rh7-jwg9-m28m was published for openssl-encrypt (pip) | Apr 1, 2026
IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 could allow an attacker to obtain...
  Low | Unreviewed | CVE-2025-14808 was published | Mar 25, 2026
PinchTab: API Bearer Token Exposed in URL Query Parameter via Server Logs and Intermediary Systems
  Moderate | CVE-2026-33620 was published for github.com/pinchtab/pinchtab (Go) | Mar 24, 2026
An attacker can extract user email addresses (PII) exposed in base64 encoding via the state...
  Moderate | Unreviewed | CVE-2026-31381 was published | Mar 20, 2026
IBM Sterling Partner Engagement Manager 6.2.3.0 through 6.2.3.5 and 6.2.4.0 through 6.2.4.2 could...
  Low | Unreviewed | CVE-2025-14811 was published | Mar 13, 2026
IBM Aspera Orchestrator 3.0.0 through 4.1.2 stores sensitive information in URL parameters. This...
  Moderate | Unreviewed | CVE-2025-13219 was published | Mar 10, 2026
An unauthenticated remote attacker can obtain valid session tokens because they are exposed in...
  High | Unreviewed | CVE-2025-41772 was published | Mar 9, 2026
Gogs: Access tokens get exposed through URL params in API requests
  Moderate | CVE-2026-26196 was published for gogs.io/gogs (Go) | Mar 5, 2026
An information exposure vulnerability exists in Vulnerability in HCL Software ZIE for Web. The...
  Moderate | Unreviewed | CVE-2025-59873 was published | Feb 23, 2026
An issue in Key Systems Inc Global Facilities Management Software v.20230721a allows a remote...
  High | Unreviewed | CVE-2026-26721 was published | Feb 20, 2026
Certain requests pass the authentication token in the URL as string query parameter, making it...
  Moderate | Unreviewed | CVE-2026-22644 was published | Jan 15, 2026
Information Exposure Through Query Strings in GET Request vulnerability in Broadcom DX NetOps...
  Low | Unreviewed | CVE-2025-69270 was published | Jan 12, 2026
IBM i 7.2, 7.3, 7.4, 7.5, and 7.6 are impacted by obtaining an information vulnerability in the...
  Moderate | Unreviewed | CVE-2025-36371 was published | Nov 19, 2025
HCL iAutomate v6.5.1 and v6.5.2 is susceptible to a sensitive information disclosure. An HTTP...
  Moderate | Unreviewed | CVE-2025-31954 was published | Nov 5, 2025
Potential use of sensitive information in GET requests in Checkmk GmbH's Checkmk versions <2.4...
  Low | Unreviewed | CVE-2025-32916 was published | Oct 9, 2025
ProTip! Advisories are also available from the GraphQL API.